my firewall is crazy!

[Tedob1]

seeing inbound traffic for a trojan horse is nothing to worry about. (outbound well thats something else) All inbound traffic means is someone is scanning your network segment for a trojan infected computer to play with. just because its "inbound" dosnt mean there's something there for it to reach.

[theyortiscool]

okay cool thanks a lot, i was gettin a bit worryed wit all of this inbound trojan horse stuff, do you have any good sugjestions on how to get trojans off of my computer, i already used the 30 trail of "the cleaner"

[ammo]

Yeah, like the others said, don't worry too much about it, this is a quite common occurence, especially if you have a broadband connection (which are more appealing...).

For example, a quick review of my firewall logs for 3 common trojan ports gives me
# tcpdump -netttr pflog port 21337 or port 27374 or port 12345 | wc -l
132
132 hits and the log is 4 days old... And this is not even counting the MS-SQL/slammer scans and all...

Ammo

[theyortiscool]

okay, cool. and yes i do have broadband, the reason this came up was because it wouln't let be play monoply online wit others (lol i know im a geek) so i was just wonderin if i dissable it, if i will be fine

[theyortiscool]

im asking everyone who replyed earlyer, if i turn off the firewall for a while, will it affact my comptuer

[buzz6pack]

Tis true that some hackers can take control of your pc over a web connection , i would be happy that norton is blocking this traffic as a backdoor sub7 trojan can be a nasty piece of stuff to get inside your computer ,you can configure norton firewall to block certain ip address ranges , if these attacks keep coming from the same apparent network ip address ranges. simply click settings for personal firewall and go to configure and add the ip address you wish to block there.

[Sonics42ny]

From what I've seen from my corporate firewall at work: generally 99% of everything in the logs are either someone running a network scanner over a range of addresses or it's a virus propagating (or trying to) over the internet.

You want to see warnings....if you stop seeing them, then you should be scared. If you're paranoid ( which isn't a bad thing), download "active ports" and you can see what ports are open & what process is holding them open. It's a great util, and I have it running on all our servers at work, just in case I ever need it.

Also, research what ports it's trying to hit. This is very helpful. You'll find alot of them are viruses running all over the net.

Hope this helps.

[D0pp139an93r]

For the most part, the "attacks" probably aren't serious, but don't take chances. Keep the firewall up. In the last 3 hours, my firewall has detected a large number of "attacks." but it classifies them according to severity. Most of the "attacks" are just port probes (UDP, HTTP, and TCP). None of them raised any serious flags, and were simply blocked and ignored. But I definitely take comfort in the fact that it blocks them, because there are simply too many undisciplined kids out there getting a copy of some trojan and becoming k3w7 h4X0rZ.

[cpopham]

If you pull up your firewall settings, you should be able to allow certain IP addies. Add the IP of the host where you would like to game to this list as trusted. On my HW firwall I can even go further and put a time on the IP address when I can connect to the server. This would be best. If you are really paranoid, allow the game server as trusted while you play, then delete it off the trusted list when you are done. As far as blocked connections, I have even seen my ISP blocked, their servers send out a ping once in while to check the network status. Nothing bad about it, but my firewall dropped them anyway!!! As far as how to get rid of worms, most antivirus software can help you there as long as you keep it updated!

[XxMeMorYxX]

Those might be comming from kazaa
does ur atack come every hour once or on the
exact time when u download some stuff from kazaa
because in most cases it is kazaa so check on that first