
The Helkern worm keeps attacking me, what should I do?

Gorr

Kaspersky.gif


Here is the message Kaspersky throws up; this happens to me a couple of times a day and it irritates me terribly, since it comes from the same IP. How do I report this IP, and is it even worth bothering with this?
 
The exact same thing happens to me, and it's because of Microsoft SQL Server 2000 (figured it out after a couple of days). As soon as I turned KAV off for a short while, SQL Server would buffer-overflow and soon lock up the whole machine. There is an XP security update specifically for SQL, and SP2 is immune. Even after that patch KAV reports that remote attack message, but I set it not to show it to me.

BTW, this worm is almost 3 years old, and when it appeared it caused total chaos, but it seems it still isn't giving up. :)
 
Download necrosoft whois and run it:

Code:
inetnum:      60.32.0.0 - 60.47.255.255
netname:      OCN
descr:        NTT Communications Corporation
descr:        1-6 Uchisaiwai-cho 1-chome Chiyoda-ku, Tokyo 100-8019 Japan
country:      JP
admin-c:      JNIC1-AP
tech-c:       JNIC1-AP
status:       ALLOCATED PORTABLE
remarks:      Email address for spam or abuse complaints : [email protected]
mnt-by:       MAINT-JPNIC
mnt-lower:    MAINT-JPNIC
changed:      [email protected] 20040402
changed:      [email protected] 20050401
source:       APNIC

role:         Japan Network Information Center
address:      Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address:      Chiyoda-ku, Tokyo 101-0047, Japan
country:      JP
phone:        +81-3-5297-2311
fax-no:       +81-3-5297-2312
e-mail:       [email protected]
admin-c:      JI13-AP
tech-c:       JE53-AP
nic-hdl:      JNIC1-AP
mnt-by:       MAINT-JPNIC
changed:      [email protected] 20041222
changed:      [email protected] 20050324
changed:      [email protected] 20051027
source:       APNIC

inetnum:      60.34.0.0 - 60.34.255.255
netname:      PLALA
descr:        Plala Networks Inc.
country:      JP
admin-c:      MN2905JP
tech-c:       HS3694JP
remarks:      This information has been partially mirrored by APNIC from
remarks:      JPNIC. To obtain more specific information, please use the
remarks:      JPNIC WHOIS Gateway at
remarks:      http://www.nic.ad.jp/en/db/whois/en-gateway.html or
remarks:      whois.nic.ad.jp for WHOIS client. (The WHOIS client
remarks:      defaults to Japanese output, use the /e switch for English
remarks:      output)
changed:      [email protected] 20040517
source:       JPNIC

Then from there:

Code:
Network Information:            
a. [Network Number]             60.34.0.0/16
b. [Network Name]               PLALA
g. [Organization]               Plala Networks Inc.
m. [Administrative Contact]     MN2905JP
n. [Technical Contact]          HS3694JP
p. [Nameserver]                 dns1.plala.or.jp
p. [Nameserver]                 dns2.plala.or.jp
p. [Nameserver]                 ns-tk061.ocn.ad.jp
[Assigned Date]                 2004/05/17
[Return Date]                   
[Last Update]                   2004/05/17 17:58:21(JST)

Since the subnet (60.34.xx.xx) has no abuse contact, from there:

Code:
[Network Number]                60.32.0.0/12
[Network Name]                  
[Organization]                  NTT COMMUNICATIONS CORPORATION
[Administrative Contact]        AY1361JP
[Technical Contact]             MO081JP
[Technical Contact]             KK551JP
[Technical Contact]             IM657JP
[Abuse]                         [email protected]
[Allocated Date]                2004/04/02
[Last Update]                   2006/02/08 11:59:14(JST)

So report it to the upstream provider (NTT Communications Corporation) at [email protected]. Don't send attachments until they ask for them; you can just copy-paste the text log from the firewall if you have one.
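
The lookup described in the post above, as an added example (not code from the thread): parse the whois text, take the most specific range covering the address, and fall back to the parent allocation when that range lists no abuse contact. The sample record is constructed in the `key: value` layout of the first listing, `abuse@parent.example.net` is a placeholder and `60.34.1.2` a constructed address; the JPNIC `[Field]` layout is not handled.

```python
import ipaddress
import re

# Constructed sample in the RPSL layout shown above; the e-mail is a placeholder.
SAMPLE = """\
inetnum:      60.32.0.0 - 60.47.255.255
netname:      OCN
remarks:      Email address for spam or abuse complaints : abuse@parent.example.net
source:       APNIC

inetnum:      60.34.0.0 - 60.34.255.255
netname:      PLALA
admin-c:      MN2905JP
source:       JPNIC
"""

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_objects(text):
    """Split whois output into objects (lists of key/value pairs) on blank lines."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [(k.strip().lower(), v.strip())
                 for k, sep, v in (ln.partition(":") for ln in block.splitlines()) if sep]
        if pairs:
            objects.append(pairs)
    return objects

def covering_ranges(objects, ip):
    """Return (size, netname, pairs) for each inetnum containing ip, smallest first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for pairs in objects:
        fields = dict(pairs)
        if "inetnum" not in fields:
            continue
        lo, hi = (ipaddress.ip_address(p.strip()) for p in fields["inetnum"].split("-"))
        if lo <= addr <= hi:
            hits.append((int(hi) - int(lo), fields.get("netname", ""), pairs))
    return sorted(hits, key=lambda h: h[0])

def abuse_contact(text, ip):
    """Check the most specific range first, then its parents; None if no contact."""
    for _, netname, pairs in covering_ranges(parse_objects(text), ip):
        for key, value in pairs:
            match = EMAIL.search(value) if "abuse" in (key + value).lower() else None
            if match:
                return netname, match.group(0)
    return None
```
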
 
OK, but that's a proxy.
The attacker can change the proxy and then it's the same story all over again.
Is there something for blocking visits of a NON-standard type, that is, ones that don't go through a browser... some script for recognizing that and the like... I don't know of one, but maybe someone does.
 
Come on, nobody is doing this on purpose; somebody's computer just went haywire...
 
@audiofreak:
Thanks for the listing, I'll fire off an email and see what happens.

@Delija and all:
I know it's somebody's infected computer, but how will they find out if nobody warns them? This is nothing terrible, it's just that Kaspersky can be a bit irritating when it squeals, so it got on my nerves a little :D
 
Well, turn off that stupid sound in the even stupider KAV... :D
 