Avian Gamers Network http://www.avian-gamers.net/forums/ |
Anti-Virus/Firewall help http://www.avian-gamers.net/forums/viewtopic.php?f=1&t=8829 |
Page 1 of 1 |
Author: | Cetera [ Sun Sep 21, 2003 3:07 am ] |
Post subject: | Anti-Virus/Firewall help |
I am continually getting alerts from my Norton Personal Firewall now about blocking various trojan horses trying to access the 'net. It is saying things like blocked an attempt to connect to another computer by SubSeven trojan horse, or Back Orifice 2000 trojan horse. When I go to the more information stuff, it says:

Quote: A computer with the IP address 69.144.11.118 attempted to connect to you computer with the Default Block Back Orifice 2000 Trojan Horse.

It traces the IP to somewhere in Denver, but it is listed with a question mark, as if it isn't sure. The IP addy is listed usually with some kind of bresnan address too, like IP 69.144.11.118.bresnan.something. I have cable internet through Bresnan, if that makes anything else become clear.

I've run Norton Anti-Virus repeatedly, and searched every damn file on both of my hard drives, but it doesn't find any kind of a virus at all, and all the definitions and engines are totally up to date. I've also started getting things like Invalid TCP Port attacks, or something. They are much less frequent, and Norton says they aren't much to worry about, although the software keeps telling me that the trojan horse attacks are of high risk.

And finally, reading here, http://securityresponse.symantec.com/avcente....an.html , it seems to me that this is a trojan horse that only has a chance at working on a network setup, which I don't have, and I don't know what the hell is going on. So, do I need to be concerned about this, and if so, what do I need to do? |
Author: | Cetera [ Sun Sep 21, 2003 3:07 am ] |
Post subject: | |
More info from my log, if it will be of help:

Details: Trojan attempt detected from address 65.94.163.84 by rule "Default Block Backdoor/SubSeven Trojan horse". Blocked further access for 30 minutes.

Trojan attempt detected from address 69.144.11.118 by rule "Default Block Back Orifice 2000 Trojan horse". Blocked further access for 30 minutes.

Intrusion: Invalid TCP Source Port
Intruder: 64.216.218.211
Risk Level: Low
Source IP address: 64.216.218.211
Destination IP address: peter(69.144.25.99)
TCP Source Port: 0. This is an invalid port number.
TCP Destination Port: 3128

Intrusion: Invalid ICMP Code
Intruder: 69.144.25.236
Risk Level: High
Source IP address: 69.144.25.236
Destination IP address: peter(69.144.25.99)
ICMP Type: 8
ICMP Code: 19. This ICMP Code is invalid.

Intrusion: Invalid TCP Flags
Intruder: 61.233.7.218
Risk Level: Medium
Source IP address: 61.233.7.218
Destination IP address: peter(69.144.25.99)
TCP Source Port: 1127
TCP Destination Port: 2032
TCP Flags invalid: 0x00000015. |
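Added example, not part of the original thread and not Norton's code: a short Python script that reads the three "Intrusion" entries from the log above and states which protocol rule each logged field breaks. The function names and the condensed one-line-per-alert layout of the sample are assumptions; the flag bits, port 0 and ICMP code ranges are the standard protocol definitions.

```python
import re

# TCP flag bits, low six bits of the flags field (RFC 793).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
# Flag pairs a conforming TCP stack does not set together.
CONTRADICTORY = [("SYN", "FIN"), ("SYN", "RST"), ("FIN", "RST")]
# Codes defined for a few common ICMPv4 types (IANA registry; not exhaustive).
ICMP_CODES = {0: range(1), 3: range(16), 5: range(4), 8: range(1),
              11: range(2), 12: range(3)}

# Constructed sample: the three "Intrusion" entries from the log, condensed to one line each.
SAMPLE_LOG = """\
Intrusion: Invalid TCP Source Port Source IP address: 64.216.218.211 TCP Source Port: 0 TCP Destination Port: 3128
Intrusion: Invalid ICMP Code Source IP address: 69.144.25.236 ICMP Type: 8 ICMP Code: 19
Intrusion: Invalid TCP Flags Source IP address: 61.233.7.218 TCP Source Port: 1127 TCP Destination Port: 2032 TCP Flags invalid: 0x00000015
"""

def decode_tcp_flags(value):
    """Names of the flag bits set in a TCP flags value."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def field(line, label):
    """Integer after 'label:' (decimal or 0x hex), or None if the label is absent."""
    m = re.search(re.escape(label) + r":\s*(0x[0-9A-Fa-f]+|\d+)", line)
    return int(m.group(1), 0) if m else None

def explain(line):
    """Return (source_ip, reasons) saying why the logged fields are invalid."""
    src = re.search(r"Source IP address: ([\d.]+)", line).group(1)
    reasons = []
    if field(line, "TCP Source Port") == 0:
        reasons.append("source port 0 is reserved")
    flags = field(line, "TCP Flags invalid")
    if flags is not None:
        names = decode_tcp_flags(flags)
        bad = ["+".join(p) for p in CONTRADICTORY if set(p) <= set(names)]
        reasons.append("flags %s: %s" % ("|".join(names) or "none",
                                         ", ".join(bad) or "no contradictory pair"))
    icmp_type, icmp_code = field(line, "ICMP Type"), field(line, "ICMP Code")
    if icmp_type in ICMP_CODES and icmp_code not in ICMP_CODES[icmp_type]:
        reasons.append("ICMP type %d defines no code %d" % (icmp_type, icmp_code))
    return src, reasons

def triage(log=SAMPLE_LOG):
    """Map each alert's source IP to the list of reasons its packet is malformed."""
    return dict(explain(l) for l in log.splitlines() if l.startswith("Intrusion:"))

if __name__ == "__main__":
    for ip, why in triage().items():
        print(ip, "->", "; ".join(why))
```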
Author: | tobiasds [ Sun Sep 21, 2003 8:07 am ] |
Post subject: | |
Oftentimes when I receive these alerts they are from my cable company trying to contact me through my firewall. I can't tell you who is doing this but you needn't worry if your firewall caught it. Of course you need to worry about what your firewall isn't catching, but you'll never know about that. |
All times are UTC - 5 hours [ DST ] |