Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Trogen horse's

  1. #11
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Am i the only sane person in a world gone mad.
    Or should we all format our HDD and re-install because our firewalls have detected a scan for sub7/back orifice/deap throat/what ever.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  2. #12
    well ive nothing new to say but to repeat to what others have said,

    download one of these and get you system cleaned of any torjan horse

    http://www.commodon.com/threat/threat-sub7.htm

    http://www.polderware.com/software/security.shtml

    http://securityresponse.symantec.com...00.trojan.html



    also in your norten security pack enable the fire wall,if it doesn't ( ive nvr used the used it) the go and download zone alarm (its free)

    http://www.zonelabs.com/store/conten...ap_za_grid.jsp

    as some one above me said keep updating your antivirus ,as with out it it is use less
    also as jinxy said
    If you try to do that for each ip address that NIS reports an attempt to connect from you will spend the rest of your life putting ip addresses into the blocked part of the firewall.
    and by the way jinxy nice explanation !!

    offtopic:
    is it spelled as torJan or torGen??

  3. #13
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Re: Trogen horse's

    Originally posted here by comp_custom
    I have been getting attacked from the internet by trogen horses and i was wandering if there is eney way i could stop them from attacking me? I have norton internet security 2004. If you need eney more info ill write back.
    Well if ur system is safe i mean they are not getting into ur system then why are u worried. Anyway if u r getting hit frm a same IP address then email the ISP there ISP i mean and give ur log and complaint abt them thats it. And if u want to be secure get the latest version of Jammer frm Agnitum website this will really help u a very good and easy to use tool.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  4. #14
    Junior Member
    Join Date
    Oct 2004
    Posts
    27
    Thanks for all your help i think i got it now.
    There is all way\'s one way to fix a computer. Our i think sow at least

    www.americasarmy.com

  5. #15
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Re: Trogen horse's

    Originally posted here by comp_custom
    I have been getting attacked from the internet by trogen horses {..}
    How do you know this?
    What is the exact message NIS is giving you?

    Oh and it's trojan not trogen
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #16
    Junior Member
    Join Date
    Apr 2004
    Posts
    18

    Education on best practice

    Trojans do not attack from the internet, they attack from the inside.
    I greenied Jinxy for this post because you will have to forgive me if I sound like I'm spontaneously channelling the spirit of Catch, but post after post after post I've seen in my brief time here the advocation of firewalls as a pancea without a concomitant education programme on drilling in to users to adopt secure practices i.e. do NOT open or run attachments/executables unless you can verify the source as trustworthy and have scanned the attachment/executable through your AV software.

    We can tell users to slap up a firewall, run AV software, yada yada yada, till we are blue in the face but it will not have any effect unless we continually remind users to educate themselves on the purpose and role of AV's, firewalls, IDS's, Routers, etc, as well as how to adopt best practice in ensuring that they operate using secure principles, or at least keeping these principles in mind.

    Please forgive my Steve Gibson haranguing, but I think it is of the utmost importance to educate users like comp_custom (and myself, for that matter) on not what to do i.e. install a firewall, run AV etc, but why i.e. you need to install a firewall because of x and y, but not of z, for which you need AV to deal with. Then once suitably armed with basic information, they can then peruse these forums to educate themselves in greater detail.

    This post was not directed at anyone as there is some useful and educational advice contained here, but ... Jesus! Doesn't anyone feel a stab of existential angst, a sense of Groundhog Day and that feeling, 'Here we go again ..' when a user has installed a firewall (phew) but gives the impression of opening up attachments without any thought whatsoever to their source? Apologies comp_custom if I sound like I'm flamming you (or anyone else, I'm not) but I'm worried that we've all been brain-washed into thinking that a firewall, AV, etc allows us to adopt bad practices without consequence.

    That's it. I'm finished now :P

    Regards,
    Riotgirl
    \"Don\'t worry. I don\'t have low self-esteem. It\'s a mistake. I have low esteem for everyone else\".



  7. #17
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Allow me to clarify the situation if I may.....

    Definitions:-

    Trojan: A trojan is a piece of software that purports to do something usefull or entertaining while, (whether it is useful or entertaining as well), does something harmful.

    Backdoor: A backdoor is a program that quietly listens on the internet for someone to connect to it. Once they do they usually have the rights to do anything they like to the backdoored computer.

    You may receive a trojan in any number of ways, (email, chat programs, downloads, kazaa and other P2P crap, (sorry, editorializing.... ), and in many cases the Trojan opens a backdoor on your computer. Backdoors come in many flavors, (thousands), but the best know are SubSeven and backOrifice

    From time to time bored script kiddies will scan entire subnets of the internet looking for computers that have a particular backdoor open and will then connect to them in order to have their twisted fun.

    The Firewall companies are dumbasses. When their firewall reports that it has successfully blocked and logged a scan for a particular backdoor they report an attack by a trojan or something equally incorrect, confusing and stupid. Thier alert should read something like this:-

    Tiger Sharks Superior Firewall User Friendly Alert
    *****************************************

    Tiger Sharks Superior, (not to mention user friendly), Firewall just detected an attempt
    to connect to your computer trying to find the backdoor:-

    SubSeven

    Tiger Sharks Superior, (not to mention user friendly), Firewall blocked this attempt.

    Even if your computer were to be infected with the backdoor:-

    SubSeven

    the attacker at luser.user.lamebrain.com was unable to determine any possible infection
    and is no wiser today that the day he was born.

    Thank you for your attention, you are now safe to go back to your beer and porn
    So.... When your firewall tells you that you are being attacked from the outside you actually have nothing to worry about. You need to worry when it tells you it blocked something going outbound or if it stops telling you things......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #18
    yea i agree riotgirl, what kind of connection does this guy have? norton isnt the best, resource hog and nis is like a nagging mother that never stops. ive used it before and will NEVER use it again, anyways if this guy has a broadband connection, i would just use avg or something like that for free (thats what i use) and get a dedicated firewall, such as smoothwall its free, just google it. im not trying to advertise or anything but the thing is freakin genious. very very very easy to use and setup plus plenty of support they give is on their site. but back to the problem, i would block all incoming traffic unless your serving something, and if you do have broadband and you have a router or switch of some kind, why not block incoming icmp? b/c you shouldnt be getting that kind of stuff if you have a router or switch unless it got rooted and passes everything through. im telling you, get a small not very powerful machine and get smoothwall you'll never forget it, i see stuff in my logs all the time about all the stuff it blocks.
    -incideagent

  9. #19
    Junior Member
    Join Date
    Oct 2004
    Posts
    27
    I have a dial-up connection. incideagent
    There is all way\'s one way to fix a computer. Our i think sow at least

    www.americasarmy.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •