melonBlog

Someone from 074.b.004...
I switched off my rule in kerio to filter out attempts to connect to port 135, to see what would happen...

...2 mins later...

Someone from 074.b.004.pth.iprimus.net.au [211.26.97.74], port 4436 wants to connect to port 135 owned by'Generic Host Process for Win32 Services' on your computer

Deny...

...seconds later...

Someone from 211.26.115.41, port 3307 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer

Deny...

Someone from 041.a.002.ncl.iprimus.net.au [211.26.132.41], port 3425 wants to connect to port 135 owned by 'Generic Host Process for Win32 Services' on your computer

...re-activate rule!

how sus' is that?! plenty of infected machines out there!