May 19th, 2004, 02:24 PM
Constant Trojan Attacks By Soket de Trois
I have Norton firewall installed on my machine and for the past three days I have been under constant attack every five minutes from someone using the soket de trois trojan.
The IP address changes but seems to emanate from a city in South Carolina, I have tried to find ISP by IP but was unable to match up.
This is getting old now and I was wondering if someone could help me to stop this happening.
Thanks for any help!
May 19th, 2004, 02:31 PM
The only reason that it's "getting old now", is because you keep looking at your logs. Set it up so you're not being actively notified on attempts, and just ignore your firewall, knowing that it's doing what it's supposed to do.
Any computer connected to the internet these days will be hammered non-stop by some worm or another. Don't waste your time trying to "deal" with them.
May 19th, 2004, 02:53 PM
May 19th, 2004, 03:08 PM
It's not sockets de troie! The rise in probes on port 5000 are contributed to the appearance of 2 new worms. These are Bobax and Kibuv. See my thread here.
Experience is something you don't get until just after you need it.
May 19th, 2004, 03:52 PM
I'm running win 98, my firewall is detecting and blocking these attacks, I'm assuming that they are not getting through........
May 19th, 2004, 04:49 PM
hmm..yeah port 5000 has reportedly been taking a hit on a lot of computers,I assumed it was either someone checking for the trojan or some kind of worm..thnx SirDice
May 19th, 2004, 05:47 PM
How exactly are you going about trying to find the ISP?
Port 5000 eh? I'll have to check that port on my firewall, any idea's on what this port's purpose is?
May 19th, 2004, 05:49 PM
The port used for "Universal Plug and Play" in Windows XP.
May 19th, 2004, 09:12 PM
Not being hit on any of my machine's, but then again none of mine are XP. What firewall are you using? And you said your runnig Win98 (which I have on one of my boxes) and your getting probed. If your saying your firewall is blocking access to the port and is stopping the attack, you have nothing to worry about. You will always be probed for various port's all the time, some more than other's though.
May 19th, 2004, 10:28 PM
To the Duck:
This site can help find someones ISP through IP, just type in the ip in the box and click submit, it should also come up with an email address for the isp.