|
-
April 29th, 2002, 11:03 PM
#1
Junior Member
Have I got this right?
My Norton Personal Firewall logged this.
Date: 28/04/2002 Time: 22:00:35
Rule "Default Block NetBus Trojan horse" blocked (80.193.32.53,NetBus(12345)). Details:
Inbound TCP connection
Local address,service is (my ip,NetBus(12345))
Remote address,service is (his ip,3667)
Process name is "N/A"
Since it logged this it surely means I was attacked by this ip right? I hope so because I traced it so somewhere 2600 miles away from New York. I got in touch with his isp admin, and told him to be lenient, and just give a warning, which he has done. But did I get it right. Had he definitly attacked me, or was he just some innocent guy.
-
April 29th, 2002, 11:04 PM
#2
Junior Member
-
April 30th, 2002, 12:16 AM
#3
There's no way to tell for sure if the person behind that ip is actually the one that attacked you. For instance, he could've been hacked himself, and someone could be probing you trough his ip. Either way, he has a security problem - his ISP knows this kind of stuff, they'll act according their rules of conduct.
Furthermore, I don't know how sophisticated Norton PF is: does it actually check for inbound NetBus data or does it just monitor and block port 12345? If the latter is the case, someone was probably just portscanning.
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
-
April 30th, 2002, 12:33 AM
#4
Since it logged this it surely means I was attacked by this ip right? I hope so because I traced it so somewhere 2600 miles away from New York. I got in touch with his isp admin, and told him to be lenient, and just give a warning, which he has done. But did I get it right. Had he definitly attacked me, or was he just some innocent guy.
Yes you were attacked by this IP but that doesn't mean to say that the attacker hasn't spoofed or hidden his real IP in some way. Because of the nature of the attack (come on using NetBus?!?) I'd say that the attacker doesn't have the brain power to hide himself too well.
In any case, you did exactly the right thing. You contacted the ISP of the IP address and had a polite word. This is the best thing that you can do. Any ISP worth their salt will chase this up and deal with the offending party in the appropriate manner  .
OpenBSD - The proactively secure operating system.
-
April 30th, 2002, 12:42 AM
#5
I agree smirc who ever tried to attack him was a real Lamer no one uses netbus I mean netbus used to be a kinda hacker trojan but it has evolved into a more lagimate trojan.
-
April 30th, 2002, 01:53 AM
#6
but it has evolved into a more lagimate trojan.
remote administrating tool I think their calling it now  the firm behind it has started producing a whole range of spyware for admins to use on office computers!
v_Ln
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
