Too Many Fish In The Sea
Week of 1 October 2004

There's too many fish in the sea
Too many fish in the sea
There's short ones tall ones fine ones kind ones
Too many fish in the sea
- Norman Whitfield
Scott Granneman says a Windows PC gets hit within 20 minutes; Symantec says a Windows PC gets hit every 10 - 15 seconds. How bad is it really?
Thanks to a brave XPT user - and the excellent Ethernet packet sniffer X-frame - we now know.
In less than ten minutes our warrior got attacked nineteen (19) times - almost two attacks per minute.
What follows is the X-frame log of this ten minute session. No other activity was attempted on the host computer during this time. Aside from the two peremptory 'router solicits' on connect, this is incoming traffic only - attacks from infected machines.
Read it and be scared.
2004-10-01 18:21:33.210 XXX.XXX.XXX.XXX 224.0.0.2 Normal 28 52805 128 ICMP
2004-10-01 18:21:33.210 10 0 router solicit
2004-10-01 18:21:36.240 XXX.XXX.XXX.XXX 224.0.0.2 Normal 28 53061 128 ICMP
2004-10-01 18:21:36.240 10 0 router solicit
2004-10-01 18:21:39.260 XXX.XXX.XXX.XXX 224.0.0.2 Normal 28 53317 128 ICMP
2004-10-01 18:21:39.260 10 0 router solicit
2004-10-01 18:21:40.300 4.31.22.163 XXX.XXX.XXX.XXX Normal 48 4180 117 TCP
2004-10-01 18:21:40.300 2583 445 A18CDD28 00000000 - - - - X - FAF0
2004-10-01 18:21:40.350 XXX.XXX.XXX.XXX 4.31.22.163 Normal 40 53573 128 TCP
2004-10-01 18:21:40.350 445 2583 00000000 A18CDD29 - X - X - - 0000
2004-10-01 18:21:42.830 4.31.22.163 XXX.XXX.XXX.XXX Normal 48 5157 117 TCP
2004-10-01 18:21:42.830 2583 445 A18CDD28 00000000 - - - - X - FAF0
2004-10-01 18:21:42.880 XXX.XXX.XXX.XXX 4.31.22.163 Normal 40 53829 128 TCP
2004-10-01 18:21:42.880 445 2583 00000000 A18CDD29 - X - X - - 0000
2004-10-01 18:21:44.860 4.31.22.163 XXX.XXX.XXX.XXX Normal 48 6454 117 TCP
2004-10-01 18:21:44.860 2583 445 A18CDD28 00000000 - - - - X - FAF0
2004-10-01 18:21:44.860 XXX.XXX.XXX.XXX 4.31.22.163 Normal 40 54085 128 TCP
2004-10-01 18:21:44.860 445 2583 00000000 A18CDD29 - X - X - - 0000
2004-10-01 18:21:49.030 209.214.141.194 XXX.XXX.XXX.XXX Normal 48 37354 118 TCP
2004-10-01 18:21:49.030 3159 445 F91B0738 00000000 - - - - X - 2238
2004-10-01 18:21:49.030 XXX.XXX.XXX.XXX 209.214.141.194 Normal 40 54341 128 TCP
2004-10-01 18:21:49.030 445 3159 00000000 F91B0739 - X - X - - 0000
2004-10-01 18:21:52.330 209.214.141.194 XXX.XXX.XXX.XXX Normal 48 37579 118 TCP
2004-10-01 18:21:52.330 3159 445 F91B0738 00000000 - - - - X - 2238
2004-10-01 18:21:52.330 XXX.XXX.XXX.XXX 209.214.141.194 Normal 40 54597 128 TCP
2004-10-01 18:21:52.330 445 3159 00000000 F91B0739 - X - X - - 0000
2004-10-01 18:21:52.710 66.233.128.65 XXX.XXX.XXX.XXX Normal 48 13008 109 TCP
2004-10-01 18:21:52.710 1559 6346 5C122EEB 00000000 - - - - X - FAF0
2004-10-01 18:21:52.770 XXX.XXX.XXX.XXX 66.233.128.65 Normal 40 54853 128 TCP
2004-10-01 18:21:52.770 6346 1559 00000000 5C122EEC - X - X - - 0000
2004-10-01 18:21:53.150 209.214.141.194 XXX.XXX.XXX.XXX Normal 48 37608 118 TCP
2004-10-01 18:21:53.150 3159 445 F91B0738 00000000 - - - - X - 2238
2004-10-01 18:21:53.210 XXX.XXX.XXX.XXX 209.214.141.194 Normal 40 55109 128 TCP
2004-10-01 18:21:53.210 445 3159 00000000 F91B0739 - X - X - - 0000
2004-10-01 18:21:55.680 66.233.128.65 XXX.XXX.XXX.XXX Normal 48 13172 109 TCP
2004-10-01 18:21:55.680 1559 6346 5C122EEB 00000000 - - - - X - FAF0
2004-10-01 18:21:55.730 XXX.XXX.XXX.XXX 66.233.128.65 Normal 40 55365 128 TCP
2004-10-01 18:21:55.730 6346 1559 00000000 5C122EEC - X - X - - 0000
2004-10-01 18:21:57.110 66.233.128.65 XXX.XXX.XXX.XXX Normal 48 13251 109 TCP
2004-10-01 18:21:57.110 1559 6346 5C122EEB 00000000 - - - - X - FAF0
2004-10-01 18:21:57.110 XXX.XXX.XXX.XXX 66.233.128.65 Normal 40 55621 128 TCP
2004-10-01 18:21:57.110 6346 1559 00000000 5C122EEC - X - X - - 0000
2004-10-01 18:21:58.920 209.215.55.68 XXX.XXX.XXX.XXX Normal 48 37124 119 TCP
2004-10-01 18:21:58.920 4495 445 87FF3619 00000000 - - - - X - 2238
2004-10-01 18:21:58.920 XXX.XXX.XXX.XXX 209.215.55.68 Normal 40 55877 128 TCP
2004-10-01 18:21:58.920 445 4495 00000000 87FF361A - X - X - - 0000
2004-10-01 18:22:07.930 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 40155 113 TCP
2004-10-01 18:22:07.930 2348 6346 F01C1CFE 00000000 - - - - X - FAF0
2004-10-01 18:22:07.930 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 56133 128 TCP
2004-10-01 18:22:07.930 6346 2348 00000000 F01C1CFF - X - X - - 0000
2004-10-01 18:22:08.750 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 40290 113 TCP
2004-10-01 18:22:08.750 2348 6346 F01C1CFE 00000000 - - - - X - FAF0
2004-10-01 18:22:08.750 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 56389 128 TCP
2004-10-01 18:22:08.750 6346 2348 00000000 F01C1CFF - X - X - - 0000
2004-10-01 18:22:09.570 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 40417 113 TCP
2004-10-01 18:22:09.570 2348 6346 F01C1CFE 00000000 - - - - X - FAF0
2004-10-01 18:22:09.570 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 56645 128 TCP
2004-10-01 18:22:09.570 6346 2348 00000000 F01C1CFF - X - X - - 0000
2004-10-01 18:22:11.830 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 40731 113 TCP
2004-10-01 18:22:11.830 2384 6346 F047611B 00000000 - - - - X - FAF0
2004-10-01 18:22:11.830 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 56901 128 TCP
2004-10-01 18:22:11.830 6346 2384 00000000 F047611C - X - X - - 0000
2004-10-01 18:22:12.710 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 40965 113 TCP
2004-10-01 18:22:12.710 2384 6346 F047611B 00000000 - - - - X - FAF0
2004-10-01 18:22:12.710 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 57157 128 TCP
2004-10-01 18:22:12.710 6346 2384 00000000 F047611C - X - X - - 0000
2004-10-01 18:22:13.580 68.96.203.15 XXX.XXX.XXX.XXX Normal 48 41186 113 TCP
2004-10-01 18:22:13.580 2384 6346 F047611B 00000000 - - - - X - FAF0
2004-10-01 18:22:13.580 XXX.XXX.XXX.XXX 68.96.203.15 Normal 40 57413 128 TCP
2004-10-01 18:22:13.580 6346 2384 00000000 F047611C - X - X - - 0000
2004-10-01 18:22:18.310 209.214.19.13 XXX.XXX.XXX.XXX Normal 48 18304 119 TCP
2004-10-01 18:22:18.310 1921 445 F9F335F1 00000000 - - - - X - 2238
2004-10-01 18:22:18.360 XXX.XXX.XXX.XXX 209.214.19.13 Normal 40 57669 128 TCP
2004-10-01 18:22:18.360 445 1921 00000000 F9F335F2 - X - X - - 0000
2004-10-01 18:22:49.510 141.154.49.117 XXX.XXX.XXX.XXX Normal 48 58897 112 TCP
2004-10-01 18:22:49.510 50595 6346 EC59DEC1 00000000 - - - - X - FFFF
2004-10-01 18:22:49.510 XXX.XXX.XXX.XXX 141.154.49.117 Normal 40 57925 128 TCP
2004-10-01 18:22:49.510 6346 50595 00000000 EC59DEC2 - X - X - - 0000
2004-10-01 18:22:50.220 141.154.49.117 XXX.XXX.XXX.XXX Normal 48 58924 112 TCP
2004-10-01 18:22:50.220 50595 6346 EC59DEC1 00000000 - - - - X - FFFF
2004-10-01 18:22:50.220 XXX.XXX.XXX.XXX 141.154.49.117 Normal 40 58181 128 TCP
2004-10-01 18:22:50.220 6346 50595 00000000 EC59DEC2 - X - X - - 0000
2004-10-01 18:22:51.040 141.154.49.117 XXX.XXX.XXX.XXX Normal 48 58958 112 TCP
2004-10-01 18:22:51.040 50595 6346 EC59DEC1 00000000 - - - - X - FFFF
2004-10-01 18:22:51.100 XXX.XXX.XXX.XXX 141.154.49.117 Normal 40 58437 128 TCP
2004-10-01 18:22:51.100 6346 50595 00000000 EC59DEC2 - X - X - - 0000
2004-10-01 18:23:08.730 141.158.32.82 XXX.XXX.XXX.XXX Normal 48 39703 110 TCP
2004-10-01 18:23:08.730 2586 445 F1A8B32F 00000000 - - - - X - FF00
2004-10-01 18:23:08.780 XXX.XXX.XXX.XXX 141.158.32.82 Normal 40 58693 128 TCP
2004-10-01 18:23:08.780 445 2586 00000000 F1A8B330 - X - X - - 0000
2004-10-01 18:23:09.770 141.158.32.82 XXX.XXX.XXX.XXX Normal 48 39809 110 TCP
2004-10-01 18:23:09.770 2586 445 F1A8B32F 00000000 - - - - X - FF00
2004-10-01 18:23:09.830 XXX.XXX.XXX.XXX 141.158.32.82 Normal 40 58949 128 TCP
2004-10-01 18:23:09.830 445 2586 00000000 F1A8B330 - X - X - - 0000
2004-10-01 18:23:10.820 141.158.32.82 XXX.XXX.XXX.XXX Normal 48 39927 110 TCP
2004-10-01 18:23:10.820 2586 445 F1A8B32F 00000000 - - - - X - FF00
2004-10-01 18:23:10.870 XXX.XXX.XXX.XXX 141.158.32.82 Normal 40 59205 128 TCP
2004-10-01 18:23:10.870 445 2586 00000000 F1A8B330 - X - X - - 0000
2004-10-01 18:23:29.660 217.211.28.175 XXX.XXX.XXX.XXX Normal 48 59168 108 TCP
2004-10-01 18:23:29.660 4230 445 6CCAE4A9 00000000 - - - - X - FAF0
2004-10-01 18:23:29.660 XXX.XXX.XXX.XXX 217.211.28.175 Normal 40 59461 128 TCP
2004-10-01 18:23:29.660 445 4230 00000000 6CCAE4AA - X - X - - 0000
2004-10-01 18:23:30.430 217.211.28.175 XXX.XXX.XXX.XXX Normal 48 59485 108 TCP
2004-10-01 18:23:30.430 4230 445 6CCAE4A9 00000000 - - - - X - FAF0
2004-10-01 18:23:30.480 XXX.XXX.XXX.XXX 217.211.28.175 Normal 40 59717 128 TCP
2004-10-01 18:23:30.480 445 4230 00000000 6CCAE4AA - X - X - - 0000
2004-10-01 18:23:31.360 217.211.28.175 XXX.XXX.XXX.XXX Normal 48 59776 108 TCP
2004-10-01 18:23:31.360 4230 445 6CCAE4A9 00000000 - - - - X - FAF0
2004-10-01 18:23:31.360 XXX.XXX.XXX.XXX 217.211.28.175 Normal 40 59973 128 TCP
2004-10-01 18:23:31.360 445 4230 00000000 6CCAE4AA - X - X - - 0000
2004-10-01 18:25:14.290 216.113.232.3 XXX.XXX.XXX.XXX Normal 48 27347 112 TCP
2004-10-01 18:25:14.290 11963 445 F5C8F647 00000000 - - - - X - FAF0
2004-10-01 18:25:14.290 XXX.XXX.XXX.XXX 216.113.232.3 Normal 40 60229 128 TCP
2004-10-01 18:25:14.290 445 11963 00000000 F5C8F648 - X - X - - 0000
2004-10-01 18:25:15.110 216.113.232.3 XXX.XXX.XXX.XXX Normal 48 27468 112 TCP
2004-10-01 18:25:15.110 11963 445 EE57CAF6 00000000 - - - - X - FAF0
2004-10-01 18:25:15.110 XXX.XXX.XXX.XXX 216.113.232.3 Normal 40 60485 128 TCP
2004-10-01 18:25:15.110 445 11963 00000000 EE57CAF7 - X - X - - 0000
2004-10-01 18:25:15.550 209.214.27.165 XXX.XXX.XXX.XXX Normal 48 61 119 TCP
2004-10-01 18:25:15.550 1850 445 20631E8E 00000000 - - - - X - 2238
2004-10-01 18:25:15.550 XXX.XXX.XXX.XXX 209.214.27.165 Normal 40 60741 128 TCP
2004-10-01 18:25:15.550 445 1850 00000000 20631E8F - X - X - - 0000
2004-10-01 18:25:15.990 216.113.232.3 XXX.XXX.XXX.XXX Normal 48 27617 112 TCP
2004-10-01 18:25:15.990 11963 445 BBD51546 00000000 - - - - X - FAF0
2004-10-01 18:25:15.990 XXX.XXX.XXX.XXX 216.113.232.3 Normal 40 60997 128 TCP
2004-10-01 18:25:15.990 445 11963 00000000 BBD51547 - X - X - - 0000
2004-10-01 18:25:18.190 209.214.27.165 XXX.XXX.XXX.XXX Normal 48 638 119 TCP
2004-10-01 18:25:18.190 1850 445 20631E8E 00000000 - - - - X - 2238
2004-10-01 18:25:18.240 XXX.XXX.XXX.XXX 209.214.27.165 Normal 40 61253 128 TCP
2004-10-01 18:25:18.240 445 1850 00000000 20631E8F - X - X - - 0000
2004-10-01 18:25:23.630 24.58.144.14 XXX.XXX.XXX.XXX Normal 52 36154 113 TCP
2004-10-01 18:25:23.630 2533 6346 1E8C6E57 00000000 - - - - X - FFFF
2004-10-01 18:25:23.630 XXX.XXX.XXX.XXX 24.58.144.14 Normal 40 61509 128 TCP
2004-10-01 18:25:23.630 6346 2533 00000000 1E8C6E58 - X - X - - 0000
2004-10-01 18:25:24.450 24.58.144.14 XXX.XXX.XXX.XXX Normal 52 36157 113 TCP
2004-10-01 18:25:24.450 2533 6346 1E8C6E57 00000000 - - - - X - FFFF
2004-10-01 18:25:24.450 XXX.XXX.XXX.XXX 24.58.144.14 Normal 40 61765 128 TCP
2004-10-01 18:25:24.450 6346 2533 00000000 1E8C6E58 - X - X - - 0000
2004-10-01 18:25:25.220 24.58.144.14 XXX.XXX.XXX.XXX Normal 52 36161 113 TCP
2004-10-01 18:25:25.220 2533 6346 1E8C6E57 00000000 - - - - X - FFFF
2004-10-01 18:25:25.270 XXX.XXX.XXX.XXX 24.58.144.14 Normal 40 62021 128 TCP
2004-10-01 18:25:25.270 6346 2533 00000000 1E8C6E58 - X - X - - 0000
2004-10-01 18:26:33.270 80.221.185.71 XXX.XXX.XXX.XXX Normal 48 49390 109 TCP
2004-10-01 18:26:33.270 4628 445 7603B7AA 00000000 - - - - X - 4000
2004-10-01 18:26:33.270 XXX.XXX.XXX.XXX 80.221.185.71 Normal 40 62277 128 TCP
2004-10-01 18:26:33.270 445 4628 00000000 7603B7AB - X - X - - 0000
2004-10-01 18:26:34.370 80.221.185.71 XXX.XXX.XXX.XXX Normal 48 49932 109 TCP
2004-10-01 18:26:34.370 4628 445 7603B7AA 00000000 - - - - X - 4000
2004-10-01 18:26:34.370 XXX.XXX.XXX.XXX 80.221.185.71 Normal 40 62533 128 TCP
2004-10-01 18:26:34.370 445 4628 00000000 7603B7AB - X - X - - 0000
2004-10-01 18:27:22.710 209.214.178.68 XXX.XXX.XXX.XXX Normal 48 39644 119 TCP
2004-10-01 18:27:22.710 4588 445 BA966E02 00000000 - - - - X - 2238
2004-10-01 18:27:22.710 XXX.XXX.XXX.XXX 209.214.178.68 Normal 40 62789 128 TCP
2004-10-01 18:27:22.710 445 4588 00000000 BA966E03 - X - X - - 0000
2004-10-01 18:27:25.510 209.214.178.68 XXX.XXX.XXX.XXX Normal 48 39862 119 TCP
2004-10-01 18:27:25.510 4588 445 BA966E02 00000000 - - - - X - 2238
2004-10-01 18:27:25.560 XXX.XXX.XXX.XXX 209.214.178.68 Normal 40 63045 128 TCP
2004-10-01 18:27:25.560 445 4588 00000000 BA966E03 - X - X - - 0000
2004-10-01 18:27:30.280 216.78.95.103 XXX.XXX.XXX.XXX Normal 48 193 118 TCP
2004-10-01 18:27:30.280 3815 445 5378B112 00000000 - - - - X - 2238
2004-10-01 18:27:30.340 XXX.XXX.XXX.XXX 216.78.95.103 Normal 40 63301 128 TCP
2004-10-01 18:27:30.340 445 3815 00000000 5378B113 - X - X - - 0000
2004-10-01 18:27:32.540 216.78.95.103 XXX.XXX.XXX.XXX Normal 48 478 118 TCP
2004-10-01 18:27:32.540 3815 445 5378B112 00000000 - - - - X - 2238
2004-10-01 18:27:32.590 XXX.XXX.XXX.XXX 216.78.95.103 Normal 40 63557 128 TCP
2004-10-01 18:27:32.590 445 3815 00000000 5378B113 - X - X - - 0000
2004-10-01 18:28:52.950 66.173.156.200 XXX.XXX.XXX.XXX Normal 48 255 112 TCP
2004-10-01 18:28:52.950 3741 445 2A8B629C 00000000 - - - - X - FC00
2004-10-01 18:28:52.950 XXX.XXX.XXX.XXX 66.173.156.200 Normal 40 63813 128 TCP
2004-10-01 18:28:52.950 445 3741 00000000 2A8B629D - X - X - - 0000
2004-10-01 18:28:53.830 66.173.156.200 XXX.XXX.XXX.XXX Normal 48 436 112 TCP
2004-10-01 18:28:53.830 3741 445 2A8B629C 00000000 - - - - X - FC00
2004-10-01 18:28:53.830 XXX.XXX.XXX.XXX 66.173.156.200 Normal 40 64069 128 TCP
2004-10-01 18:28:53.830 445 3741 00000000 2A8B629D - X - X - - 0000
2004-10-01 18:28:54.650 66.173.156.200 XXX.XXX.XXX.XXX Normal 48 833 112 TCP
2004-10-01 18:28:54.650 3741 445 2A8B629C 00000000 - - - - X - FC00
2004-10-01 18:28:54.710 XXX.XXX.XXX.XXX 66.173.156.200 Normal 40 64325 128 TCP
2004-10-01 18:28:54.710 445 3741 00000000 2A8B629D - X - X - - 0000
2004-10-01 18:29:03.990 209.214.14.96 XXX.XXX.XXX.XXX Normal 48 26477 119 TCP
2004-10-01 18:29:03.990 4291 445 AA3CA47E 00000000 - - - - X - 2238
2004-10-01 18:29:08.330 209.214.14.96 XXX.XXX.XXX.XXX Normal 48 26737 119 TCP
2004-10-01 18:29:08.330 4291 445 AA3CA47E 00000000 - - - - X - 2238
2004-10-01 18:29:08.380 XXX.XXX.XXX.XXX 209.214.14.96 Normal 40 64837 128 TCP
2004-10-01 18:29:08.380 445 4291 00000000 AA3CA47F - X - X - - 0000
2004-10-01 18:29:43.860 209.214.13.207 XXX.XXX.XXX.XXX Normal 48 10172 119 TCP
2004-10-01 18:29:43.860 1223 445 1D66934A 00000000 - - - - X - 2238
2004-10-01 18:29:43.920 XXX.XXX.XXX.XXX 209.214.13.207 Normal 40 65093 128 TCP
2004-10-01 18:29:43.920 445 1223 00000000 1D66934B - X - X - - 0000
2004-10-01 18:30:21.870 209.214.148.160 XXX.XXX.XXX.XXX Normal 48 6764 119 TCP
2004-10-01 18:30:21.870 3693 445 9D085BE9 00000000 - - - - X - 2238
2004-10-01 18:30:21.930 XXX.XXX.XXX.XXX 209.214.148.160 Normal 40 65349 128 TCP
2004-10-01 18:30:21.930 445 3693 00000000 9D085BEA - X - X - - 0000
2004-10-01 18:30:59.990 209.214.148.160 XXX.XXX.XXX.XXX Normal 48 12118 119 TCP
2004-10-01 18:30:59.990 2159 445 A45F38AB 00000000 - - - - X - 2238
2004-10-01 18:31:00.050 XXX.XXX.XXX.XXX 209.214.148.160 Normal 40 70 128 TCP
2004-10-01 18:31:00.050 445 2159 00000000 A45F38AC - X - X - - 0000
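A log like the one above can be reduced to one entry per inbound connection attempt instead of being read line by line. The following is an added example, not part of the original article or of X-frame: it assumes each packet is logged as a header line plus a detail line, and that the six flag columns are URG ACK PSH RST SYN FIN, an order inferred from the values (every reply's acknowledgement number is the probe's sequence number plus one).

```python
import re
from collections import defaultdict
# Excerpt copied from the log above (two lines per packet).
SAMPLE = """\
2004-10-01 18:21:33.210 XXX.XXX.XXX.XXX 224.0.0.2 Normal 28 52805 128 ICMP
2004-10-01 18:21:33.210 10 0 router solicit
2004-10-01 18:21:40.300 4.31.22.163 XXX.XXX.XXX.XXX Normal 48 4180 117 TCP
2004-10-01 18:21:40.300 2583 445 A18CDD28 00000000 - - - - X - FAF0
2004-10-01 18:21:40.350 XXX.XXX.XXX.XXX 4.31.22.163 Normal 40 53573 128 TCP
2004-10-01 18:21:40.350 445 2583 00000000 A18CDD29 - X - X - - 0000
2004-10-01 18:21:42.830 4.31.22.163 XXX.XXX.XXX.XXX Normal 48 5157 117 TCP
2004-10-01 18:21:42.830 2583 445 A18CDD28 00000000 - - - - X - FAF0
2004-10-01 18:21:52.710 66.233.128.65 XXX.XXX.XXX.XXX Normal 48 13008 109 TCP
2004-10-01 18:21:52.710 1559 6346 5C122EEB 00000000 - - - - X - FAF0
2004-10-01 18:21:52.770 XXX.XXX.XXX.XXX 66.233.128.65 Normal 40 54853 128 TCP
2004-10-01 18:21:52.770 6346 1559 00000000 5C122EEC - X - X - - 0000
2004-10-01 18:29:03.990 209.214.14.96 XXX.XXX.XXX.XXX Normal 48 26477 119 TCP
2004-10-01 18:29:03.990 4291 445 AA3CA47E 00000000 - - - - X - 2238
"""
LOCAL = "XXX.XXX.XXX.XXX"  # capture host, masked in the log
# Assumed flag column order, inferred from the values, not documented on the page.
FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
HDR = re.compile(r"^\S+ \S+ (\S+) (\S+) Normal \d+ \d+ \d+ (\w+)$")
TCP = re.compile(r"^\S+ \S+ (\d+) (\d+) [0-9A-F]{8} [0-9A-F]{8} ((?:[-X] ){6})[0-9A-F]{4}$")

def parse(text):
    """Yield (src, dst, sport, dport, flags) per TCP packet; skip the rest."""
    lines = text.strip().splitlines()
    for head, detail in zip(lines[::2], lines[1::2]):
        h, t = HDR.match(head), TCP.match(detail)
        if h and t and h.group(3) == "TCP":
            flags = {n for n, c in zip(FLAGS, t.group(3).split()) if c == "X"}
            yield h.group(1), h.group(2), int(t.group(1)), int(t.group(2)), flags

def summarize(text):
    """One entry per (source, sport, dport); SYN retransmissions are collapsed."""
    attempts = defaultdict(lambda: {"syns": 0, "reset": False})
    for src, dst, sport, dport, flags in parse(text):
        if dst == LOCAL and flags == {"SYN"}:
            attempts[(src, sport, dport)]["syns"] += 1
        elif src == LOCAL and flags == {"ACK", "RST"}:  # host refused the connection
            attempts[(dst, dport, sport)]["reset"] = True
    return dict(attempts)

def sources_by_port(text):
    """Distinct remote sources per probed local port."""
    ports = defaultdict(set)
    for src, _, dport in summarize(text):
        ports[dport].add(src)
    return {p: sorted(s) for p, s in ports.items()}
```

Run over the full log, the per-port grouping separates the probes to 445 (SMB, microsoft-ds) from those to 6346 (the IANA-registered gnutella-svc port), and the `reset` field shows which attempts the host answered with RST/ACK.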