Help ... and Advice Me Please !!!

  1. #1
    Junior Member | Join Date: Dec 2001 | Posts: 4

    Help ... and Advice Me Please !!!

    These are just some of 204 attempts on my log. Same IP address ... What's the best thing to do ... I need Help Please !!!!!

    He does it every now and then ...

    A computer in your Banned IP list at 112.a.005.syd.iprimus.net.au has attempted

    ***to access TCP port 31337 on your machine.
    TCP port 31337 is commonly used by the Baron Night / Back Orifice Client / Back Orifice 2 / Bo Facil / BackFire / Deep BO service or program.

    ***to access TCP port 6000 on your machine.
    TCP port 6000 is commonly used by the X Window System service or program.

    *** to access TCP port 50766 on your machine.
    TCP port 50766 is commonly used by the Schwindler 1.82 service or program. The Source computer has scanned your machine for this trojan, but this has been blocked by our security filters.

    ***to access TCP port 777 on your machine.
    TCP port 777 is commonly used by the Multiling HTTP service or program.

    *** to access TCP port 54321 on your machine.
    TCP port 54321 is commonly used by the School Bus / Back Orifice 2000 service or program. The Source computer has scanned your machine for this trojan

    ***to access TCP port 6670 on your machine.
    TCP port 6670 is commonly used by the Vocaltec Global Online Directory / Deep Throat Trojan service or program

    ***to access TCP port 27374 on your machine.
    TCP port 27374 is commonly used by the Sub 7 Trojan Scan service or program. The Sub 7 Trojan.

    ***to access TCP port 8080 on your machine.
    TCP port 8080 is commonly used by the RingZero Trojan / HTTP Alternate (see port 80) service or program

    These are just some of 204 attempts on my log. Same IP address ... What's the best thing to do ... I need Help Please !!!!!

    Thanks

    P.S.

    Sorry if my post is too long ... This is my first time posting ... I don't know if there is a limit ... anyway THANKS !!!
    MY SKULL IS EMPTY ... FILL SOME ON IT... and i WILL do the same TO OTHERS ...

  2. #2
    Senior Member | Join Date: Jul 2001 | Posts: 143
    'ello!

    I would imagine that if it logged the attempts, it also blocks the attempt, which means that those are the ports you don't have to worry about. Basically, it seems whoever it is, is just trying to find a quick easy way to take over your desktop without doing too much work. You can send your log to the abuse e-mail address at this person's ISP, but nothing normally comes of that. Primarily, you should be worried about making sure you have no trojans, and no exploitable services, cause that is what that person is trolling for.

    Maybe if you give us some more information on your system, we can let you know how to specifically lock down your system, but in general it seems like your firewall is doing its job.

    Regards,
    Wizeman

    P.S. The webpage for that ISP is: http://www.iprimus.com.au/
    I'd suggest calling them if you care enough, or just e-mail the addresses that you feel are pertinent with a well thought out complaint, and make sure you attach the log.
    "It's only arrogance if you can't back it up, otherwise it is confidence." - Me

  3. #3
    Junior Member | Join Date: Nov 2001 | Posts: 17

    Attempts

    Hyperxxx,

    What firewall are you using?
    There are numerous programs that allow you to scan open ports on your PC, am doing one right now.

    As Wizeman says, if these are just logging attempts you should be ok.

  4. #4
    Senior Member | Join Date: Aug 2001 | Posts: 267

    'abuse' account

    Every ISP has an 'abuse' department that handles hack attempts, spammers, etc.

    It is usually 'abuse@xxx.xxx'. Your ISP probably has the same.

    Send them copies of your log, with an email. They will contact iprimus.

    Most people are unaware that when they sign up for an internet account they sign an 'Acceptable Internet Usage Policy' agreement forbidding them to interfere with any other internet user, or computer. By violating that agreement, they lose their account.
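An added example, not part of any post in this thread: posts #2, #4 and #5 suggest sending the log to the ISP's abuse address, and this Python script condenses alert text in the format quoted in post #1 into one line per source for such a report. The host names are constructed placeholders, and the UDP branch and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the alert format quoted in post #1 (hosts are placeholders).
SAMPLE_LOG = """\
A computer in your Banned IP list at host-a.isp.example has attempted
***to access TCP port 31337 on your machine.
TCP port 31337 is commonly used by the Back Orifice service or program.
*** to access TCP port 27374 on your machine.
***to access TCP port 31337 on your machine.
A computer at host-b.other.example has attempted
***to access TCP port 8080 on your machine.
"""

SOURCE_RE = re.compile(r"^A computer .*?\bat (\S+) has attempted")
# The page only shows TCP alerts; accepting UDP here is an assumption.
PORT_RE = re.compile(r"^\*{3}\s*to access (TCP|UDP) port (\d+) on your machine")

def summarize(log_text):
    """Return {source_host: {(proto, port): count}} parsed from alert text."""
    summary = defaultdict(lambda: defaultdict(int))
    source = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SOURCE_RE.match(line)
        if m:
            source = m.group(1)  # following port lines belong to this source
            continue
        m = PORT_RE.match(line)
        if m and source is not None:
            port = int(m.group(2))
            if 0 < port <= 65535:  # ignore malformed port numbers
                summary[source][(m.group(1), port)] += 1
    return {s: dict(p) for s, p in summary.items()}

def abuse_report(log_text, min_ports=2):
    """One report line per source that probed at least min_ports distinct ports."""
    lines = []
    for source, ports in sorted(summarize(log_text).items()):
        if len(ports) < min_ports:
            continue  # a single port is more likely stray traffic than a scan
        total = sum(ports.values())
        listing = ", ".join(f"{proto}/{port} x{n}"
                            for (proto, port), n in sorted(ports.items()))
        lines.append(f"{source}: {total} blocked attempts on {len(ports)} ports ({listing})")
    return lines

if __name__ == "__main__":
    print("\n".join(abuse_report(SAMPLE_LOG)))
```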

  5. #5
    Senior Member | Join Date: Oct 2001 | Posts: 677

    Cool

    1) Make sure that IP is added to your Blocked or Restricted list
    2) Update your anti-virus
    3) Scan for viruses
    4) Go to www.grc.com and scan for open ports to check that your firewall is working
    5) If there are ports open that shouldn't be, manually block access to them in your firewall options, then scan again
    6) Repeat process until you're happy that the system is secure
    7) Try to report the abuse to the ISP, as stated in the above posts
    8) Apart from that, if it's blocking it you have nothing to worry about, so just ignore it.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  6. #6
    Senior Member | Join Date: Aug 2001 | Posts: 259

    IRC

    Were you on IRC? There are some scripts that log IP addresses and run a scan on the addresses looking for trojans.

  7. #7
    Junior Member | Join Date: Dec 2001 | Posts: 4

    irc ...

    Yeah, I am using mIRC ... that is where my friends are ... how can I secure my entire PC and yet still use mIRC ... Thanks guys for the help!

  8. #8
    Senior Member | Join Date: Oct 2001 | Posts: 677
    Allow access to Port 6667 and NOTHING ELSE (Although that way Internet Explorer etc. won't work, but you get the idea, make sure that everything is blocked apart from 6667 and the ports used by IE etc.)

  9. #9
    Old-Fogey:Addicts founder (Terr) | Join Date: Aug 2001 | Location: Seattle, WA | Posts: 2,007
    Originally posted by Rewandythal
    Allow access to Port 6667 and NOTHING ELSE (Although that way Internet Explorer etc. won't work, but you get the idea, make sure that everything is blocked apart from 6667 and the ports used by IE etc.)
    Just to emphasize (I know you meant it, Rew), but that is remote TCP port 6667. This doesn't stop someone from doing weird stuff by using 6667 as their source port, but that would be very rare unless you were being specifically targeted by a determined intruder.

    Common remote ports you might want to keep open:
    80 (HTTP)
    443 (HTTPS, secure credit-card-y stuff)
    110 (POP3, Checking email via Eudora or Outlook Express, most likely)
    6667 (IRC, there may be variations like 7000, for some servers.)

    As for ICQ/AIM/MSN, well, that's a whole new can of worms.
    [HvC]Terr: L33T Technical Proficiency

  10. #10
    Senior Member | Join Date: Oct 2001 | Posts: 677
    Yeah, sorry, I didn't make that clear.
    Allow access to those remote ports only, and if you use ZoneAlarm or something similar it will only allow access to ports your software is connecting on locally anyway (in other words, whichever port IE chooses to communicate through, ZA will allow access to that *if* IE is in your allowed programs list, that is as long as your internet zone setting is on High security... ports not in use by an authorised program are stealthed.)
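An added example, not part of any post in this thread: posts #8 to #10 discuss allowing only certain remote ports, and post #9 notes that a remote-port rule alone does not cover traffic that merely uses 6667 as its source port. This Python model compares a rule that checks only the remote port with one that also requires a matching outbound connection; it is a simplified illustration, not how ZoneAlarm or any other product is implemented, and the addresses and local ports are constructed.

```python
from dataclasses import dataclass

ALLOWED_REMOTE_PORTS = {80, 443, 110, 6667}  # the list given in post #9

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving this PC, "in" = arriving at it
    local_port: int
    remote_ip: str
    remote_port: int

def stateless_allow(pkt):
    """Rule that looks only at the remote port, whatever the direction."""
    return pkt.remote_port in ALLOWED_REMOTE_PORTS

class StatefulFilter:
    """Outbound to listed remote ports is allowed; inbound only as a reply."""
    def __init__(self):
        self.flows = set()  # (local_port, remote_ip, remote_port) we opened

    def allow(self, pkt):
        key = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            if pkt.remote_port in ALLOWED_REMOTE_PORTS:
                self.flows.add(key)
                return True
            return False
        return key in self.flows  # inbound must match a connection we started

# Constructed traffic (documentation address ranges).
SAMPLE_TRAFFIC = [
    Packet("out", 1045, "192.0.2.10", 6667),     # mIRC connecting to a server
    Packet("in", 1045, "192.0.2.10", 6667),      # the server's reply
    Packet("in", 31337, "198.51.100.7", 6667),   # unsolicited, source port 6667
    Packet("out", 1046, "198.51.100.7", 31337),  # outbound to an unlisted port
]

def evaluate(packets):
    """Return (stateless, stateful) allow decisions for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, evaluate(SAMPLE_TRAFFIC)):
        print(pkt, "stateless=%s stateful=%s" % verdict)
```

The third packet is the case from post #9: the remote-port rule lets it through, while the connection-tracking filter drops it because no outbound connection matches.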
