February 5th, 2005, 07:53 AM
I'm putting this in the Newbie section because I am
I just reinstalled Windows (XP Pro)... did all the service packs/updates before connecting to the Internet... Scotty installed, MS anti-spyware, Kerio PF, Tauscan, S&D.... disabled Netbios... all that stuff.
And this may be a retarded question, but why do I have this in my logs? Can't copy&paste from Kerio, but I have everything from BackdoorSubSeven DefCon 8.21 to Phasezero... every backdoor that's ever been invented, it's in those logs. POR QUE? Why? Waarom? Warum? Pourquoi? Trojan-this, trojan-that... all of them... class:successful-user... QUE?
February 5th, 2005, 08:51 AM
Using Kerio? Sounds like a bug. Is your Kerio up-to-date? Type (in a DOS shell) 'netstat -a' and see if any unusual ports are up/listening/established. If nothing but the usual is up (i.e. the loopbacks and www connections) then it is definitely a bug. If you see something like port 27374 (default Sub7 port) or 31337 (default Back Orifice port) open, then it is time to get worried. For now, I'd just recommend updating Kerio, or getting another firewall.
The fool doth think he is wise, but the wise man knows himself to be a fool - Good Ole Bill Shakespeare
February 5th, 2005, 12:12 PM
Inbound traffic? Are you on a fixed IP (or at least a semi-fixed one)?
I am assuming that Kerio blocked the traffic
How persistent are the incidents? Are these hammering at the door, or just passing bell ringers? What I am asking is, is there a pattern, i.e. ports 1234, 129, 11234, 14789, 33000 etc. repeating from the one IP... someone hammering at the door... that's the one to look into...
Or a scan from one IP, then another IP from random domains, but similar ports... the passing doorbell ringer, worm activity... some worms do scan various ports and a few firewalls will report them as the various trojans...
Neg, is it possible to export the log to a txt file, or just browse to the Prog file dir and open in notebook...
**** where have I got a machine with Kerio on it...
"Consumer technology now exceeds the average person's ability to comprehend how to use it... give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
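The distinction drawn above (one IP hammering many ports versus many IPs probing the same port) can be checked mechanically once the log is exported. As an added example, not from the thread or from Kerio, here is a small Python script that applies that test to constructed log lines in an assumed simplified format (time, signature name, source IP, destination port); the threshold values are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed Kerio-like layout (not real log output):
# <time> Trojan <signature name> <source IP> <destination port>
SAMPLE_LOG = """\
02:13:01 Trojan BackdoorSubSeven 203.0.113.5 27374
02:13:02 Trojan Phasezero 203.0.113.5 555
02:13:04 Trojan NetBus 203.0.113.5 12345
02:13:05 Trojan BackOrifice 203.0.113.5 31337
02:13:09 Trojan DeepThroat 203.0.113.5 2140
02:20:11 Trojan BackdoorSubSeven 198.51.100.20 27374
02:25:43 Trojan BackdoorSubSeven 198.51.100.77 27374
02:31:02 Trojan BackdoorSubSeven 192.0.2.9 27374
"""

LINE_RE = re.compile(r"^(\S+)\s+Trojan\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)$")


def parse(log):
    """Turn the raw text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": m.group(1), "sig": m.group(2),
                           "src": m.group(3), "port": int(m.group(4))})
    return events


def classify(events, hammer_threshold=4, sweep_threshold=3):
    """Per source IP: 'hammering' if one host probed at least hammer_threshold
    distinct ports (the one to look into), else 'passing' (a doorbell ringer).
    Also return the set of ports hit by at least sweep_threshold different hosts,
    which is the worm-like sweep pattern described in the post."""
    ports_by_src = defaultdict(set)
    srcs_by_port = defaultdict(set)
    for e in events:
        ports_by_src[e["src"]].add(e["port"])
        srcs_by_port[e["port"]].add(e["src"])
    verdict = {src: ("hammering" if len(ports) >= hammer_threshold else "passing")
               for src, ports in ports_by_src.items()}
    sweep_ports = {p for p, srcs in srcs_by_port.items() if len(srcs) >= sweep_threshold}
    return verdict, sweep_ports


if __name__ == "__main__":
    v, s = classify(parse(SAMPLE_LOG))
    print(v, s)
```

Run against the constructed sample, the script marks 203.0.113.5 as hammering and reports port 27374 as being swept by several unrelated hosts.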
February 5th, 2005, 02:49 PM
Don't know how to export the logs, but here's a screen shot...
February 5th, 2005, 03:01 PM
Neg: I'm getting the exact same thing. At least it's dropping the traffic. Even stranger, I'm behind a hardware firewall/router.
By the sacred **** of the sacred psychedelic tibetan yeti ....We'll smoke the chinese out
The 20th century pharoes have the slaves demanding work
February 5th, 2005, 03:07 PM
I'm behind what you could call a firewall, too, I guess (Linksys wireless)
What really bothers me is that this box is fresh... installed XP Pro on it, installed all service packs from CD, Kerio, WinPatrol, MS Anti-spyware, Spybot's Tea-timer - all from CD. I connect to the Internet and this stuff starts happening. It looks like it's isolated though (only happened once last night)...
February 5th, 2005, 03:32 PM
Sounds like one of two things was happening: either there were a lot of scans going on last night, which makes sense since both of you were seeing issues.
I would really hate to think that a firewall/IDS like Kerio would come up with false positives, but it's a possibility.
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
February 5th, 2005, 08:06 PM
It looks like the "Script Kiddies" were out in full force last night, as my logs also had a number of these types of scans. Sounds like a kid found a prog and was hitting on different IP ranges.
February 5th, 2005, 08:48 PM
Your box is just fine..... Something, possibly Kerio, is downloading the defs and info for all the different signatures up there on whitehats......
Go kiss Mel for me and quit worrying.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
February 5th, 2005, 08:53 PM
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry