1400 connection attempts to port tcp:135

Hi Experts.

A PC in my Customer's network has a very strange traffic profile: almost 1400 connection attempts to public addresses on tcp port 135.

Do you think the PC is infected by a virus?

Thank you!

===================================

Pix# sh conn lo 192.168.70.25

1392 in use, 1522 most used

TCP out A.B.231.245:135 in 192.168.70.25:1977 idle 0:01:34 Bytes 0 flags saA

TCP out A.B.231.96:135 in 192.168.70.25:1828 idle 0:01:48 Bytes 0 flags saA

TCP out A.B.235.51:135 in 192.168.70.25:2808 idle 0:00:19 Bytes 0 flags saA

TCP out A.B.234.136:135 in 192.168.70.25:2637 idle 0:00:36 Bytes 0 flags saA

TCP out A.B.235.84:135 in 192.168.70.25:2841 idle 0:00:16 Bytes 0 flags saA

TCP out A.B.230.243:135 in 192.168.70.25:1719 idle 0:01:57 Bytes 0 flags saA

TCP out A.B.232.232:135 in 192.168.70.25:2221 idle 0:01:12 Bytes 0 flags saA

TCP out A.B.234.188:135 in 192.168.70.25:2689 idle 0:00:30 Bytes 0 flags saA

TCP out A.B.234.247:135 in 192.168.70.25:2748 idle 0:00:25 Bytes 0 flags saA

TCP out A.B.232.51:135 in 192.168.70.25:2039 idle 0:01:28 Bytes 0 flags saA

TCP out A.B.233.171:135 in 192.168.70.25:2416 idle 0:00:55 Bytes 0 flags saA

TCP out A.B.231.241:135 in 192.168.70.25:1973 idle 0:01:35 Bytes 0 flags saA

TCP out A.B.232.2:135 in 192.168.70.25:1990 idle 0:01:34 Bytes 0 flags saA

TCP out A.B.235.38:135 in 192.168.70.25:2795 idle 0:00:21 Bytes 0 flags saA

TCP out A.B.231.226:135 in 192.168.70.25:1958 idle 0:01:35 Bytes 0 flags saA

<snip>

1 REPLY

Re: 1400 connection attempts to port tcp:135

Hi,

The symptoms you are seeing look like the 'Nachi' virus; please read the following document:

http://www.sophos.co.uk/virusinfo/analyses/w32nachid.html

Hope this helps and let me know how you get on.

Thanks - Jay
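
An added example, not part of the original thread and not Cisco code: a small Python triage script that parses `sh conn` output of the kind posted above and reports inside hosts holding many zero-byte, never-established TCP connections to one destination port across distinct outside addresses. The sample lines, the `min_targets` threshold, and the rule that "no `U` flag and 0 bytes" means half-open are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the `sh conn` format shown in the post. Outside
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
1392 in use, 1522 most used
TCP out 198.51.100.245:135 in 192.168.70.25:1977 idle 0:01:34 Bytes 0 flags saA
TCP out 198.51.100.96:135 in 192.168.70.25:1828 idle 0:01:48 Bytes 0 flags saA
TCP out 198.51.100.51:135 in 192.168.70.25:2808 idle 0:00:19 Bytes 0 flags saA
TCP out 198.51.100.136:135 in 192.168.70.25:2637 idle 0:00:36 Bytes 0 flags saA
TCP out 198.51.100.84:135 in 192.168.70.25:2841 idle 0:00:16 Bytes 0 flags saA
TCP out 198.51.100.243:135 in 192.168.70.25:1719 idle 0:01:57 Bytes 0 flags saA
TCP out 203.0.113.10:443 in 192.168.70.25:3001 idle 0:00:02 Bytes 18432 flags UIO
TCP out 203.0.113.20:135 in 192.168.70.31:1500 idle 0:00:40 Bytes 0 flags saA
"""

# One connection line: protocol, outside addr:port, inside addr:port, bytes, flags.
# Addresses are matched loosely so masked ones (A.B.231.245) still parse.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"in (?P<src>[^\s:]+):(?P<sport>\d+) idle \S+ Bytes (?P<bytes>\d+)"
    r"(?: flags (?P<flags>\S+))?")

def parse_conns(text):
    """Yield one dict per connection line; summary and blank lines are skipped."""
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            yield m.groupdict()

def scan_suspects(text, min_targets=5):
    """Map (inside host, dst port) -> number of distinct outside targets,
    counting only TCP connections that never came up (no 'U' flag, 0 bytes)."""
    targets = defaultdict(set)
    for c in parse_conns(text):
        flags = c["flags"] or ""
        if c["proto"] == "TCP" and "U" not in flags and int(c["bytes"]) == 0:
            targets[(c["src"], int(c["dport"]))].add(c["dst"])
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (host, port), n in sorted(scan_suspects(SAMPLE).items()):
        print(f"{host}: {n} half-open connections to distinct hosts on tcp/{port}")
```

Run against a full `sh conn` capture, a host that appears here is a candidate for isolation and a malware scan.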
