Have I got this right?
Results 1 to 6 of 6

Thread: Have I got this right?

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    Have I got this right?

    My Norton Personal Firewall logged this.

    Date: 28/04/2002 Time: 22:00:35
    Rule "Default Block NetBus Trojan horse" blocked (80.193.32.53,NetBus(12345)). Details:
    Inbound TCP connection
    Local address,service is (my ip,NetBus(12345))
    Remote address,service is (his ip,3667)
    Process name is "N/A"

    Since it logged this it surely means I was attacked by this ip right? I hope so because I traced it so somewhere 2600 miles away from New York. I got in touch with his isp admin, and told him to be lenient, and just give a warning, which he has done. But did I get it right. Had he definitly attacked me, or was he just some innocent guy.

  2. #2
    Junior Member
    Join Date
    Oct 2001
    Posts
    13

    oops

    damn

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    There's no way to tell for sure if the person behind that ip is actually the one that attacked you. For instance, he could've been hacked himself, and someone could be probing you trough his ip. Either way, he has a security problem - his ISP knows this kind of stuff, they'll act according their rules of conduct.

    Furthermore, I don't know how sophisticated Norton PF is: does it actually check for inbound NetBus data or does it just monitor and block port 12345? If the latter is the case, someone was probably just portscanning.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    Since it logged this it surely means I was attacked by this ip right? I hope so because I traced it so somewhere 2600 miles away from New York. I got in touch with his isp admin, and told him to be lenient, and just give a warning, which he has done. But did I get it right. Had he definitly attacked me, or was he just some innocent guy.
    Yes you were attacked by this IP but that doesn't mean to say that the attacker hasn't spoofed or hidden his real IP in some way. Because of the nature of the attack (come on using NetBus?!?) I'd say that the attacker doesn't have the brain power to hide himself too well.

    In any case, you did exactly the right thing. You contacted the ISP of the IP address and had a polite word. This is the best thing that you can do. Any ISP worth their salt will chase this up and deal with the offending party in the appropriate manner .
    OpenBSD - The proactively secure operating system.

  5. #5
    Banned
    Join Date
    Sep 2001
    Posts
    64
    I agree smirc who ever tried to attack him was a real Lamer no one uses netbus I mean netbus used to be a kinda hacker trojan but it has evolved into a more lagimate trojan.

  6. #6
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    but it has evolved into a more lagimate trojan.
    remote administrating tool I think their calling it now the firm behind it has started producing a whole range of spyware for admins to use on office computers!

    v_Ln

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •