Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: My firewall block this attempt.. but need info

  1. #11
    str34m3r
    Guest
    Wow, they make firewalls a bit fancier every day I guess. My firewall only sits there and blocks traffic. It hasn't ever given me any massages. And I really need one too... I've got such a crick in my neck.

  2. #12
    Junior Member
    Join Date
    May 2002
    Posts
    6
    Thx,

    for the help..

    I scan with every free/sharetool AntiVirus, Trojan removal tool i could find..
    so far no Sub7 stuff detected...

    i`m backtracking if i Dload something from Kazza, which most are mp3s...
    but, then again i had a little house party this past weekend, now i`m wondering
    if some idiot dload this SubSeven stuff...

    it really got me paranoid...


    Thx Guys!

    Peace!

  3. #13
    Senior Member
    Join Date
    Dec 2001
    Posts
    243
    i keep getting this massage from my firewall
    /me asks my firewall for a massage but he denies it every day... saying it's a Denial of his Service...
    Not to play the devil's advocate or anything
    Search First Ask Second. www.google.com

  4. #14
    Senior Member
    Join Date
    Apr 2002
    Posts
    711

    Re: My firewall block this attempt.. but need info

    Originally posted here by LordChaos
    Hi,

    Im a newbie so, I don`t know if this the right place too put this or Newbie Question..

    i keep getting this massage from my firewall

    Attempt to connect to local computer using the backdoor/SubSeven Trojan blocked...
    got this about 5 times

    is this SubSeven lurking within my rig or someone else trying too access my P.C.

    I`ll do some search on this SubSeven trojan..


    Peace!
    First off, you need to be a lot more specific with your question. When you say "from your firewall," for example, is it just saying that someone's trying to connect to you on the sub7 port or...??? There's a whole host of scenarios...

    What firewall are you using? Is it a softward firewall by chance? What are you using to see the error message (ie. what warned you)? Is it by chance a log viewer on a hardware firewall?

    My guesses are that your firewall's simply warning you that someone's trying to connect to that port on your machine, and, well, getting dropped... in any case, it's probably just an "FYI" type message - it's what firewalls do to tell you that they're actually working and your purchase of them is indeed needed.


    BTW, here's the link to McAfee's VIL (Wirus Information Library) with the information on Sub7... hopefully it is of some use or, at least, educational:

    http://vil.mcafee.com/dispVirus.asp?virus_k=10171
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  5. #15
    From the message you are recieving I am guessing it is Norton Personal Firewall. If you run on a network (like high-speed internet) an attacker will run a port scan using the first couple numbers of his/her IP address (if they have the same internet service as you they will have a similar IP address and are on your service providers network) and find other peoples computers that are on the networks empty, unprotected ports. Your firewall is detecting that somone on your network is using a port scan. This is not dangerous if you have a firewall active. The reason that it is detecting it as backdoor/SubSeven is because the SubSeven program has a built in port scanner. I would scan for viruses anyways because if this is an attack, it means that your computer has an infected file (server file) that is somewhere on your computer. So if you scan for viruses and everything is clean, than these warnings are just port scan attempts because there is no way for a hacker to connect to your computer using a trojan (like subseven) without you having a server file (file infected with subseven) on your computer. I also suggest that you run an online security check to check for empty trojan ports. You can get a free Security Check that scans your computer for security leaks and active trojans (like subseven) on your computer here: http://security1.norton.com/ssc/home...QIZQVMUYTACDCO

    At that address you can also scan for viruses.

  6. #16
    If there is nothing being found on your computer with the virus scans, these are port scans. Norton Personal Firewall is set (default settings) to detect Port Scan attempts. This can be changed to not detect them by unchecking the box in Intrusion Detection that says Block Port Scans.

  7. #17
    You can also set Kazaa to scan downloads. Go to Tools>Options>Filter and check "Filter file types that can potentially contain viruses". It doesn't scan the files but it gets a rough idea of what file types most viruses are.

  8. #18
    I scan with every free/sharetool AntiVirus, Trojan removal tool i could find..
    caution should be taken when running "security tools" Ive found viruses and trojans this way there are sites out there created to just to share thier warez and in my opinion this is the easiest method of planting a trojan into somones network or computer give em a program to play wit plant some software designed to look good with a few custom featurez.

    Try to stick to reputable sites and use demos if you have to, but as one of the sigs I saw in this thread BE Paranoid and try not to be reckless.
    Personaly I hate being paranoid, and the more I learn the more paranoid I get....its a sickness I tell ya

    best form of safe sex is abstanance
    best form of a safe networks is ......there is none
    Integrity...loyalty.....and the willingness to make a better world for us all.

  9. #19
    Junior Member
    Join Date
    Aug 2001
    Posts
    2
    It sounds to me as if someone is using a scanner to access any computer with Sub7 loaded
    I would (although it doesnt solve the problem it gives you more info) copy the IP go to www.securityspace.com and paste the IP into their whois checker this particular whois gives excellent info I had 2 attempts from Egypt and Morocco did this and ended up with name address home tel no, e mail address,isp etc. and sent them a nice surprise!

    Iwould ensure your firewall is running on stealth mode which will send out the message that your PC and all ports do not exist to would be hackers.

    a good free firewall is www.zonealarm.com free for personal use

    100% happy
    Glasgow
    Gods Country
    [glowpurple]141[/glowpurple]

  10. #20
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    Did you check the dates on this thread? It is more than three months old - and some of the earlier posts answered his question anyway.

    Originally posted here by mcknib
    this particular whois gives excellent info
    A special whois? There are ISP's that provide personal information on their clients from a whois query? Not too sure about that, of course, feel free to correct me

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •