Activity light...flash flash flash ?
Posted: Sat Aug 04, 2001 9:11 pm
by STV
What would cause my activity light to keep flashing with the PC on or off??
It's a SB3100 cable modem (AT&T@home)
What youz think ??
Posted: Sat Aug 04, 2001 10:42 pm
by greEd
Code Red worm ..... most people are experiencing this right now
Posted: Sat Aug 04, 2001 11:28 pm
by jmaggio
I have the same situation. I have @home and am using a com21 cable modem. I have a linux server as my firewall and have a win2k and win 98 PC hooked into the network.
My TD light continues to blink even if all the PCs are off. I have a sniffer set up and I don't get unexpected traffic logged.
I am guessing my modem may be going bad because this was not happening until this week some time.
I don't see how the code red worm could be at work here since it only impacts windows servers running IIS (???).
Posted: Sat Aug 04, 2001 11:43 pm
by NL_Surfer
Yes, IIS,
AND windows 2k.

Posted: Sun Aug 05, 2001 12:46 am
by blebs
This is a full scale Code Red Worm Attack! All we can do is either go to bed and forget about it or keep clearing out the firewall logs. It makes me mad that all these people were warned well in advance and still never applied the patches.

Posted: Sun Aug 05, 2001 1:22 am
by DVD Rewinder
STV please see this thread
https://www.speedguide.net/forums/ ... adid=41570
have a nice day/night
DVD-r
Posted: Sun Aug 05, 2001 1:23 am
by VonJames
My modem's lights haven't stopped blinking for the last week, but it's gotten noticeably worse these last few days.
I'm not worried about it, but it just gets annoying after a while.
I've gotten well over a hundred ZA alerts today, probably closer to two hundred.
Just gotta ignore it..... somehow.......
Dang blinking lights !

Posted: Sun Aug 05, 2001 6:55 am
by blebs
Posted: Sun Aug 05, 2001 7:40 am
by rodrod5
Posted: Sun Aug 05, 2001 9:33 am
by STV
I just painted over the activity light with black paint.... I'll keep in touch for the all clear so I can scrape it off...
But you'll all probably lie to me and I'll never scrape it off

Posted: Sun Aug 05, 2001 9:43 am
by VonJames
Didn't say I was paranoid rodrod5.
The man can kiss my big ol' butt. hahahaaa
(Peter Lorre voice)> it's just the incessant flashing, it... it makes me want to kill something........
(hopefully you all know who Peter Lorre is)
Hehe, turn it around, I did blebs99.
It was fairly near my monitor and it was just an annoyance while trying to read.
Ever have a tiny bug that keeps buzzing by your screen ?
WHACK!!

Posted: Sun Aug 05, 2001 10:49 am
by jmaggio
Originally posted by blebs99
This is a full scale Code Red Worm Attack! All we can do is either go to bed and forget about it or keep clearing out the firewall logs. It makes me mad that all these people were warned well in advance and still never applied the patches.
Bleeb,
I'm not sure if you're pissed at the world or one of us... I am running Linux as a firewall (immune) and I am patched up as far as I know. My clients are win 98 (immune) and W2K, fully patched and I update my virus scan software (nortons) daily.
I asked my question because my TD light keeps flashing yet I see no packets going out with the sniffer. I haven't had a virus successful on my network in 3+ years. Definitely am not going to bed or just clearing my firewall logs.
I guess the software on my modem could be infected, but I don't know how to sniff packets from the modem since it is outside of my network. Can I? How do I find the address of the modem?
Signed,
Wide awake and jumping on any unusual situation....
Posted: Sun Aug 05, 2001 1:23 pm
by blebs
I'm not upset in the least bit with those persons who have taken all the caution seriously. I'm upset because there are Servers out there, right now, multiplying this thing because some sys admin had their head up their shorts and refused to do anything to stop this. It has a NEW VARIANT that installs a backdoor trojan in order to take over the servers infected!
See this thread!
VonJames: You mean like the annoying flashing A on the Zone Alarm Icon! I hate flashing warnings. Makes me feel like I'm being nuked.

Posted: Sun Aug 05, 2001 1:48 pm
by VonJames
Well that too now that you mention it, but mainly my modem lights, because I had it sitting off to the side of my monitor.
Not right next to it, but you could easily see it peripherally. hehe
Jmaggio, I seriously doubt that your modem is bad.
From your description, your system sounds secure.
You're seeing the hits from all the machines infected with Code Red trying to find others to infect.
I have both of my activity lights blinking too, but no data is going out.
Since you have your win2k machines patched and you're not running an IIS server, then you shouldn't have any worries other than the usual hacker probes.
Posted: Sun Aug 05, 2001 3:36 pm
by OxBlooD
Posted: Sun Aug 05, 2001 3:40 pm
by rodrod5
Posted: Sun Aug 05, 2001 4:41 pm
by blebs
Well, I did hide my tool bar, but I found that I can't live without my clock! hmm, oh well, just have to get used to it.

Posted: Sun Aug 05, 2001 10:48 pm
by tomonator
I wouldn't worry about it too much, the worst that could happen is slight packet loss, and being annoyed by the flashing lights, hey you could pretend it's a Christmas tree!

Posted: Mon Aug 06, 2001 12:13 am
by SnapETom
As I post this, I'm looking at a trace taken from the upstream side of my router going into Time Warner's RoadRunner cloud. Most of what I have collected are ARP requests coming from a number of different devices, most of which have been identified as TW's routers. Is this a symptom of a Code Red attack? I'm seeing ARPs that have no business being in my neck of the woods (Cincinnati-based router, and I'm nowhere near there) and subnets that I've never seen before. Anybody else seeing this?

Posted: Mon Aug 06, 2001 8:49 am
by jmaggio
Is there a way for me to see the packets that are coming and going from my cable modem and not going to my PC?
I have a sniffer set up on my local lan, including the external address on my firewall, however they show little activity as my lights keep flashing on the modem.
Posted: Mon Aug 06, 2001 10:17 am
by SnapETom
You will need to connect the sniffer to the segment that is directly attached to your ISP. If you have a router, then the link between it and the cable modem is where you want to be. To do this, you will more than likely require a hub to be inserted into this connection and this will allow the sniffer, router and cable modem to "see" the same traffic. Monitoring the private side of the router will not reveal anything on the ISP side unless you configure it to pass traffic not normally allowed. On the other hand, if the PC running your analyzer is connected directly to the modem, or if you are attached to a HUB (not switch) and then to a cable modem, then you should already be on the proper network segment.

Posted: Mon Aug 06, 2001 3:15 pm
by Acid
Hot damit, ZoneAlarm has blocked nearly 200 connection attempts during the last 7 hours.. I usually don't have any attempts at all, (and yeah 99% of the source ip is similar to mine).
Posted: Mon Aug 06, 2001 5:50 pm
by blebs
Originally posted by SnapETom
As I post this, I'm looking at a trace taken from the upstream side of my router going into Time Warner's RoadRunner cloud. Most of what I have collected are ARP requests coming from a number of different devices, most of which have been identified as TW's routers. Is this a symptom of a Code Red attack? I'm seeing ARPs that have no business being in my neck of the woods (Cincinnati-based router, and I'm nowhere near there) and subnets that I've never seen before. Anybody else seeing this?
That certainly is the issue SnapETom. ARP requests galore here from Tampa Bay RR and today a couple of others too! Yes, it's the worm.
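
Editor's added example (not part of any post in this thread): one way to tally the ARP requests in a trace taken on the ISP-facing segment, as discussed above, and list which senders are asking for many different addresses. The function names, the threshold and the frame bytes are constructed for illustration and use documentation addresses.

```python
import socket
import struct
from collections import defaultdict

ARP_REQUEST = 1  # ARP opcode for "who-has"

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    # Sender IP sits at bytes 28-31, target IP at bytes 38-41 of the frame.
    return oper, socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])

def arp_sweepers(frames, min_targets=5):
    """Return {sender_ip: sorted targets} for senders requesting >= min_targets addresses."""
    targets = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REQUEST:
            targets[parsed[1]].add(parsed[2])
    return {ip: sorted(t) for ip, t in targets.items() if len(t) >= min_targets}

def make_request(sender_mac, sender_ip, target_ip):
    """Build a constructed broadcast who-has frame for the sample data below."""
    eth = b"\xff" * 6 + sender_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

# Constructed sample capture (documentation addresses, not real traffic).
ROUTER_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000032")
SAMPLE = [make_request(ROUTER_MAC, "192.0.2.1", f"192.0.2.{n}") for n in range(10, 18)]
SAMPLE.append(make_request(HOST_MAC, "192.0.2.50", "192.0.2.1"))
SAMPLE.append(b"\xff" * 6 + HOST_MAC + b"\x08\x00" + b"\x00" * 40)  # IPv4 frame, ignored

if __name__ == "__main__":
    for sender, seen in arp_sweepers(SAMPLE).items():
        print(f"{sender} asked for {len(seen)} distinct addresses: {', '.join(seen)}")
```
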

Posted: Wed Aug 15, 2001 10:34 am
by Buliwyf
same problem here, blinking lights galore