Early this morning, before I left for work, I was sitting at the iMac and noticed one of my Konfabulator widgets, called Who’s There?, was detecting traffic on the network. Nothing odd there, considering the iMac is both a web server and mail server, among other things. But this was not incoming mail or a visitor to this weblog. Who’s There? showed a machine with the IP number 220.127.116.11 was furiously trying to connect to my Samba server (aka Windows File Sharing), which allows Windows PCs to join my network. I checked the IP on DNS Stuff, and it resolved to something called Communications & Communicate Nepal, based in Kathmandu! When I turned off Windows File Sharing, the connection from 18.104.22.168 disappeared. As soon as I turned it on again, it came back almost instantly.
Needless to say, Windows File Sharing is going to stay off pending further investigations. I suspect it must have something to do with the Sasser worm that is spreading around the world at the moment, creating havoc for Windows PC users. Alarmingly, for us smug, “we are immune to viruses” Mac users, I found evidence that we, too, can fall victim to these malevolent worms when we have Windows File Sharing enabled.