12.04.2006 13:29:01 LSASS Exploit (SXP) attack
from 213.237.98.214:445
12.04.2006 13:49:17 LSASS Exploit (SXP) attack
from 213.237.98.214:445
12.04.2006 16:43:27 LSASS Exploit (SXP) attack
from 213.237.98.214:445
This is what the Network Shield Log says.
I am aware that the shield is protecting me, but what is it.
Hi Daffy,
Look here for info:
http://news.netcraft.com/archives/2004/05/01/sasser_worm_spreading_through_lsass_exploit.html
Attacks like this means your OS is not fully updated.
Install the patch mentioned there, but see to it that your OS and software is fully updated and patched, and keep this routine.
Surfing with limited rights will also help considerably.
polonus
I don’t think it means that the OS is not fully updated.
It just means that somebody else’s system got infected (probably because it wasn’t fully updated) and now the active malware is attacking your computer - and avast! has stopped the attack. If your computer is fully updated, you probably wouldn’t get compromised even if avast! wasn’t there, but it’s better be safe, or course.
I have downloaded all the newest updates from Microsoft, including the new ones from today.
My PC is always up to date whit the newest from windows update.
This LSASS attack must be fairly a new threat, because the homepage that the attack is comming from, never has caused any problems before.
But I should not be alarmed, is that what you say 
Daffy, do you know anyone at this location? If so, maybe a friend or other acquaintance has gotten the infection. If not, at least you know the city it came from.
how do I track down an IP address. ???
I don’t particular know anyone in Copenhagen, but I live in a little town 40 km from there.
I have encountered an attack again today from the same address.
13.04.2006 20:45:33 LSASS Exploit (SXP) attack
from 213.237.98.214:445
I don’t understand why and old virus like sasser, suddenly becomes that aggressive. I have used Avast for nearly one year, and never heard anything from my network shield before.
Something else pussels me.
I use xp-home sp2 incl. all security updates, avast home and xp´s firewall ( year!! I know. It´s no good )
Is sasser getting through my firewall or is avast network shield beyond my firewall.
Hi Daffy,
If the information is right, the source could be (through)
213.237.98.214.dhcp.frv.tiscali.dk [213.237.98.214]…, but this computer could be a victim as well. You could send an email reporting the abuse to abuseATtiscali.dk (AT of course = @).
This machine could be running Win 2xxx (because of the NBT port 445).
polonus
You might try sending a polite email to the above address Polonus supplied explaining your problem and ask if there is anything they can do about it. Be sure to include the information you gave in your first post as well as any other information concerning the attacks.
As Polonus. Igor, and I have both mentioned, the computer this is coming from may be compromised without the knowledge of the owner … an unpatched OS on that computer.
As free versions, these programs will not give a map as I did above but they do have graphs and the same general information can be found within these programs.
http://www.pingplotter.com/freewareentry.html
Damn you are good
I will try to do as suggested.
But can anyone explain me this. How comes that avast stops the attack, when I have a firewall. Should´nt the firewall block this before it gets to the network shield.
It depends on what driver is loaded first by Windows - firewall or avast!.
I have now sent an email to the abuse-address. A polite one
There has been no attacks today, so maybe its over for now, but somehow I dont believe in that.
Many thanks everybody. Your the greatest.