Attacks caught by Norton
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Attacks caught by Norton

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    14

    Attacks caught by Norton

    I'm living in Greece , and every few days Norton alerts me of a blocked attempt to install a trojan horse on my system. Upon pinging the I.P. immediately after the attack , I get a message saying "Destinaton host unreachable". Can I close my ports to a certain I.P. or anything like that ? The ISP wouldn't give a s*** if alerted.
    [shadow]Welcome to the Real World...[/shadow]

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Which trojan is it?

    A lot of this stuff uses spoofed addresses and runs automatically scanning networks/subnets.


  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    184
    yah it blocks it you had mentioned...
    Have you ran a full system scan? To see if it detects anything...
    Or have you port scanned yourself...this is a very good secureing ports method.
    Closing ports to an IP i am almost possitive you cannot do that. But you should be able to block the IP from anything... along the lines of connection to your PC.

  4. #4
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    if you are using norton internet security 2004 then u may add that IP in the blocked list. This will ensure higher layer of protection from that ip.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #5
    Most likely it's not trying to install a trojan, but trying to connect to one. Client-ends to trojans usually offer scanning capability, so don't worry about it. Your firewall is doing its job. If you are really worried about it, block the IP in the firewall.

    Scans are extremely common.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    As Soda stated, the person probably is on the trojan client and is running a scanner of sort's probing IP's seeing if they have the server of that particular trojan installed. Nothing to be worried about and again as Soda stated, the scans are extremely common. My suggestion: Block the IP and scan your system for trojan's just to be safe. I recommend SwatIt which can be downloaded at http://swatit.org
    Space For Rent.. =]

  7. #7
    Junior Member
    Join Date
    Aug 2003
    Posts
    14
    It's Trois v1 . Someone was trying to connect to it , obviously after being informed i was online . I was looking for instructions on how to find or remove it , but there were none. But i stumbled upon this IP tracer and got the user name: http://security.symantec.com/ssc/vr_...ODEQOHBDJQEEFG . (So useful i'll have to post it in Forensics so less people miss it ) Im downloading the trojan scanner now.
    [shadow]Welcome to the Real World...[/shadow]

  8. #8
    Have you tried any anti-spyware programs like <insert uniform AO response:> Sypbot S&D and Adaware? And run them in safe mode?

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Yeah, and I'd run the SwatIt in safe mode as well. It usually is a very long but thorough scan so scanning in safe mode is really recommended.
    Space For Rent.. =]

  10. #10
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Nhk you can even give more details about the attack by clicking on aller assistant in the norton alert windows. it gives you details about the port and the type of connection the IP is trying to establish. If you provide that your problem might be more clear because certain rules in the norton firewall do generate wrong alerts.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •