Re: 1400 connection attempts to port tcp:135

m.laporta · ‎03-01-2004

Hi Experts.

A PC in my Customer's network has a very strange traffic profile: almost 1400 connection attempts to public addresses on tcp port 135.

Do you think the PC infected by a virus?

Thank you!

===================================

Pix# sh conn lo 192.168.70.25

1392 in use, 1522 most used

TCP out A.B.231.245:135 in 192.168.70.25:1977 idle 0:01:34 Bytes 0 flags saA

TCP out A.B.231.96:135 in 192.168.70.25:1828 idle 0:01:48 Bytes 0 flags saA

TCP out A.B.235.51:135 in 192.168.70.25:2808 idle 0:00:19 Bytes 0 flags saA

TCP out A.B.234.136:135 in 192.168.70.25:2637 idle 0:00:36 Bytes 0 flags saA

TCP out A.B.235.84:135 in 192.168.70.25:2841 idle 0:00:16 Bytes 0 flags saA

TCP out A.B.230.243:135 in 192.168.70.25:1719 idle 0:01:57 Bytes 0 flags saA

TCP out A.B.232.232:135 in 192.168.70.25:2221 idle 0:01:12 Bytes 0 flags saA

TCP out A.B.234.188:135 in 192.168.70.25:2689 idle 0:00:30 Bytes 0 flags saA

TCP out A.B.234.247:135 in 192.168.70.25:2748 idle 0:00:25 Bytes 0 flags saA

TCP out A.B.232.51:135 in 192.168.70.25:2039 idle 0:01:28 Bytes 0 flags saA

TCP out A.B.233.171:135 in 192.168.70.25:2416 idle 0:00:55 Bytes 0 flags saA

TCP out A.B.231.241:135 in 192.168.70.25:1973 idle 0:01:35 Bytes 0 flags saA

TCP out A.B.232.2:135 in 192.168.70.25:1990 idle 0:01:34 Bytes 0 flags saA

TCP out A.B.235.38:135 in 192.168.70.25:2795 idle 0:00:21 Bytes 0 flags saA

TCP out A.B.231.226:135 in 192.168.70.25:1958 idle 0:01:35 Bytes 0 flags saA

<snip>

jmia · ‎03-01-2004

Hi,

The symtoms you are seeing looks like the 'Nachi' virus, please read the following document:

Hope this helps and let me know how you get on.

Thanks - Jay