Looks like it does a tcp scan on 139 and 445
On 5/19/10,
kitepilot@kitepilot.com <
kitepilot@kitepilot.com> wrote:
> Hello World:
> Long story short:
> I got an "official" notification that a computer behind my Linux firewall
> has the "Win32.Worm.Allaple.Gen" virus.
>
> I have some 150 puters NAT(ed) behind that firewall and no access whatsoever
> to any of them.
>
> Question is:
> What can I do at the Firewall level to identify the virus' traffic so I can
> harvest the puter's IP address...
> Thanks!
> ET
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Sent from my mobile device
James Finstrom
Rhino Equipment Corp.
http://rhinoequipment.com ~
http://postug.com
Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826
Twitter:
http://twitter.com/rhinoequipment
IP:
guest@asterisk.rhinoequipment.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss