Quote:
Originally Posted by mbpark
Your average user will not be running Wireshark on another PC and scanning their network to see the unexplained IP traffic. If they did, chances are that they are smart enough to not get rooted.
|
I routinely see unsolicited probing lately of port 445 - a file download port and what is used by Microsoft Download Service. Don't recall seeing these many months ago. These unsolicited probes are now numerous - more numerous than the constant message from China that attempts to pop up and says, "Your computer is corrupted. Click on this to download a cleaner." I once would see (and block) that one maybe every 40 minutes.
Is there somewhere to look at a currently stored DNS table? Is that where a rootkit would corrupt DNS? (Had not thought about that type of corruption).
Popups are supposed to be blocked on my machine. However zedo.com does get their advertisement pop up when I access one web site. I have their IP address blocked in the firewall. However that has always bothered me that that their popup gets through.