-
June 6th, 2002, 12:59 AM
#11
Wow, they make firewalls a bit fancier every day I guess. My firewall only sits there and blocks traffic. It hasn't ever given me any massages. And I really need one too... I've got such a crick in my neck.
-
June 6th, 2002, 01:21 AM
#12
Junior Member
Thx,
for the help..
I scan with every free/sharetool AntiVirus, Trojan removal tool i could find..
so far no Sub7 stuff detected...
i`m backtracking if i Dload something from Kazza, which most are mp3s...
but, then again i had a little house party this past weekend, now i`m wondering
if some idiot dload this SubSeven stuff...
it really got me paranoid...
Thx Guys!
Peace!
-
June 6th, 2002, 01:36 AM
#13
Senior Member
i keep getting this massage from my firewall
/me asks my firewall for a massage but he denies it every day... saying it's a Denial of his Service...
Not to play the devil's advocate or anything
Search First Ask Second. www.google.com
-
June 6th, 2002, 02:06 AM
#14
Re: My firewall block this attempt.. but need info
Originally posted here by LordChaos
Hi,
Im a newbie so, I don`t know if this the right place too put this or Newbie Question..
i keep getting this massage from my firewall
Attempt to connect to local computer using the backdoor/SubSeven Trojan blocked...
got this about 5 times
is this SubSeven lurking within my rig or someone else trying too access my P.C.
I`ll do some search on this SubSeven trojan..
Peace!
First off, you need to be a lot more specific with your question. When you say "from your firewall," for example, is it just saying that someone's trying to connect to you on the sub7 port or...??? There's a whole host of scenarios...
What firewall are you using? Is it a softward firewall by chance? What are you using to see the error message (ie. what warned you)? Is it by chance a log viewer on a hardware firewall?
My guesses are that your firewall's simply warning you that someone's trying to connect to that port on your machine, and, well, getting dropped... in any case, it's probably just an "FYI" type message - it's what firewalls do to tell you that they're actually working and your purchase of them is indeed needed.
BTW, here's the link to McAfee's VIL (Wirus Information Library) with the information on Sub7... hopefully it is of some use or, at least, educational:
http://vil.mcafee.com/dispVirus.asp?virus_k=10171
\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"
-
June 11th, 2002, 07:24 PM
#15
From the message you are recieving I am guessing it is Norton Personal Firewall. If you run on a network (like high-speed internet) an attacker will run a port scan using the first couple numbers of his/her IP address (if they have the same internet service as you they will have a similar IP address and are on your service providers network) and find other peoples computers that are on the networks empty, unprotected ports. Your firewall is detecting that somone on your network is using a port scan. This is not dangerous if you have a firewall active. The reason that it is detecting it as backdoor/SubSeven is because the SubSeven program has a built in port scanner. I would scan for viruses anyways because if this is an attack, it means that your computer has an infected file (server file) that is somewhere on your computer. So if you scan for viruses and everything is clean, than these warnings are just port scan attempts because there is no way for a hacker to connect to your computer using a trojan (like subseven) without you having a server file (file infected with subseven) on your computer. I also suggest that you run an online security check to check for empty trojan ports. You can get a free Security Check that scans your computer for security leaks and active trojans (like subseven) on your computer here: http://security1.norton.com/ssc/home...QIZQVMUYTACDCO
At that address you can also scan for viruses.
-
June 11th, 2002, 07:29 PM
#16
If there is nothing being found on your computer with the virus scans, these are port scans. Norton Personal Firewall is set (default settings) to detect Port Scan attempts. This can be changed to not detect them by unchecking the box in Intrusion Detection that says Block Port Scans.
-
June 11th, 2002, 07:36 PM
#17
You can also set Kazaa to scan downloads. Go to Tools>Options>Filter and check "Filter file types that can potentially contain viruses". It doesn't scan the files but it gets a rough idea of what file types most viruses are.
-
June 11th, 2002, 08:29 PM
#18
Member
I scan with every free/sharetool AntiVirus, Trojan removal tool i could find..
caution should be taken when running "security tools" Ive found viruses and trojans this way there are sites out there created to just to share thier warez and in my opinion this is the easiest method of planting a trojan into somones network or computer give em a program to play wit plant some software designed to look good with a few custom featurez.
Try to stick to reputable sites and use demos if you have to, but as one of the sigs I saw in this thread BE Paranoid and try not to be reckless.
Personaly I hate being paranoid, and the more I learn the more paranoid I get....its a sickness I tell ya
best form of safe sex is abstanance
best form of a safe networks is ......there is none
Integrity...loyalty.....and the willingness to make a better world for us all.
-
October 4th, 2002, 11:24 AM
#19
Junior Member
It sounds to me as if someone is using a scanner to access any computer with Sub7 loaded
I would (although it doesnt solve the problem it gives you more info) copy the IP go to www.securityspace.com and paste the IP into their whois checker this particular whois gives excellent info I had 2 attempts from Egypt and Morocco did this and ended up with name address home tel no, e mail address,isp etc. and sent them a nice surprise!
Iwould ensure your firewall is running on stealth mode which will send out the message that your PC and all ports do not exist to would be hackers.
a good free firewall is www.zonealarm.com free for personal use
100% happy
Glasgow
Gods Country
[glowpurple]141[/glowpurple]
-
October 4th, 2002, 11:58 AM
#20
Did you check the dates on this thread? It is more than three months old - and some of the earlier posts answered his question anyway.
Originally posted here by mcknib
this particular whois gives excellent info
A special whois? There are ISP's that provide personal information on their clients from a whois query? Not too sure about that, of course, feel free to correct me
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|