I think they’re coming from Kathmandu

Early this morning, before I left for work, I was sitting at the iMac and noticed one of my Konfabulator widgets, called Who’s There?, was detecting traffic on the network. Nothing odd there, considering the iMac is both a web server and mail server, among other things. But this was not incoming mail or a visitor to this weblog. Who’s There? showed a machine with the IP number 202.51.64.144 was furiously trying to connect to my Samba server (aka Windows File Sharing), which allows Windows PCs to join my network. I checked the IP on DNS Stuff, and it resolved to something called Communications & Communicate Nepal, based in Kathmandu! When I turned off Windows File Sharing, the connection from 202.51.64.144 disappeared. As soon as I turned it on again, it came back almost instantly.

Needless to say, Windows File Sharing is going to stay off pending further investigations. I suspect it must have something to do with the Sasser worm that is spreading around the world at the moment, creating havoc for Windows PC users. Alarmingly, for us smug, “we are immune to viruses” Mac users, I found evidence that we, too, can fall victim to these malevolent worms when we have Windows File Sharing enabled.
