-
August 8th, 2004, 07:51 PM
#1
Junior Member
Attacks caught by Norton
I'm living in Greece , and every few days Norton alerts me of a blocked attempt to install a trojan horse on my system. Upon pinging the I.P. immediately after the attack , I get a message saying "Destinaton host unreachable". Can I close my ports to a certain I.P. or anything like that ? The ISP wouldn't give a s*** if alerted.
[shadow]Welcome to the Real World...[/shadow]
-
August 8th, 2004, 07:59 PM
#2
Which trojan is it?
A lot of this stuff uses spoofed addresses and runs automatically scanning networks/subnets.
-
August 8th, 2004, 08:03 PM
#3
yah it blocks it you had mentioned...
Have you ran a full system scan? To see if it detects anything...
Or have you port scanned yourself...this is a very good secureing ports method.
Closing ports to an IP i am almost possitive you cannot do that. But you should be able to block the IP from anything... along the lines of connection to your PC.
-
August 8th, 2004, 09:28 PM
#4
if you are using norton internet security 2004 then u may add that IP in the blocked list. This will ensure higher layer of protection from that ip.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
August 8th, 2004, 09:28 PM
#5
Most likely it's not trying to install a trojan, but trying to connect to one. Client-ends to trojans usually offer scanning capability, so don't worry about it. Your firewall is doing its job. If you are really worried about it, block the IP in the firewall.
Scans are extremely common.
-
August 9th, 2004, 12:19 AM
#6
As Soda stated, the person probably is on the trojan client and is running a scanner of sort's probing IP's seeing if they have the server of that particular trojan installed. Nothing to be worried about and again as Soda stated, the scans are extremely common. My suggestion: Block the IP and scan your system for trojan's just to be safe. I recommend SwatIt which can be downloaded at http://swatit.org
-
August 9th, 2004, 07:09 PM
#7
Junior Member
It's Trois v1 . Someone was trying to connect to it , obviously after being informed i was online . I was looking for instructions on how to find or remove it , but there were none. But i stumbled upon this IP tracer and got the user name: http://security.symantec.com/ssc/vr_...ODEQOHBDJQEEFG . (So useful i'll have to post it in Forensics so less people miss it ) Im downloading the trojan scanner now.
[shadow]Welcome to the Real World...[/shadow]
-
August 9th, 2004, 07:14 PM
#8
Have you tried any anti-spyware programs like <insert uniform AO response:> Sypbot S&D and Adaware? And run them in safe mode?
-
August 9th, 2004, 07:36 PM
#9
Yeah, and I'd run the SwatIt in safe mode as well. It usually is a very long but thorough scan so scanning in safe mode is really recommended.
-
August 9th, 2004, 09:08 PM
#10
Nhk you can even give more details about the attack by clicking on aller assistant in the norton alert windows. it gives you details about the port and the type of connection the IP is trying to establish. If you provide that your problem might be more clear because certain rules in the norton firewall do generate wrong alerts.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|