Avian Gamers Network

I am continually getting alerts from my Norton Personal Firewall now about blocking various trojan horses trying to access the 'net. It is saying things like blocked an attempt to connect to another computer by SubSeven trojan horse, or Back Orifice 2000 trojan horse.

When I go to the more information stuff, it says:


It traces the IP to somewhere in Denver, but it is listed with a questionmark, as if it isn't sure. The IP addy is listed usually with some kind of bresnan address too, like IP 69.144.11.118.bresnan.something. I have cable internet through Bresnan, if that makes anything else become clear.

I've ran Norton Anti-Virus repeatedly, and searched every damn file on both of my hard drives, but it doesn't find any kind of a virus at all, and all the definitions and engines are totally up to date.

I've also started getting things like Invalid TCP Port attacks, or something. They are much less frequent, and Norton says they aren't much to worry about, although the software keeps telling me that the trojan horse attacks are of high risk.

And finally, reading here, http://securityresponse.symantec.com/avcente....an.html , it seems to me that this is a trojan horse that only has a chance at working on a network setup, which I don't have, and I don't know what the hell is going on.


So, do I need to be concerned about this, and if so, what do I need to do?

_________________
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!

More info from my log, if it will be of help:

Details: Trojan attempt detected from address 65.94.163.84 by rule "Default Block Backdoor/SubSeven Trojan horse".
Blocked further access for 30 minutes.

Trojan attempt detected from address 69.144.11.118 by rule "Default Block Back Orifice 2000 Trojan horse".
Blocked further access for 30 minutes.

Intrusion: Invalid TCP Source Port
Intruder: 64.216.218.211
Risk Level: Low
Source IP address: 64.216.218.211
Destination IP address: peter(69.144.25.99)
TCP Source Port: 0. This is an invalid port number.
TCP Destination Port: 3128

Intrusion: Invalid ICMP Code
Intruder: 69.144.25.236
Risk Level: High
Source IP address: 69.144.25.236
Destination IP address: peter(69.144.25.99)
ICMP Type: 8
ICMP Code: 19. This ICMP Code is invalid.
Intrusion: Invalid TCP Flags
Intruder: 61.233.7.218
Risk Level: Medium
Source IP address: 61.233.7.218
Destination IP address: peter(69.144.25.99)
TCP Source Port: 1127
TCP Destination Port: 2032
TCP Flags invalid: 0x00000015.

_________________
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!

Oftentimes when I receive these alerts they are from my cable company trying to contact me through my firewall. I can't tell you who is doing this but you needn't worry if your firewall caught it. Of course you need to worry about what your firewall isn't catching, but you'll never know about that.

_________________
"Chatfield, I think there's something wrong with our bloody ships." Admiral David Beatty, upon watching the battlecruiser Queen Mary explode at the battle of Jutland.

My name is Tobias Smith and I approved this post.