Thread: Trojans

  1. #1
    Registered User
    Join Date
    Aug 2001
    Posts
    207

    Angry Trojans

    Hi, I have installed Black Ice in a computer that has cable connection. And I've seen that there are at least 5-10 trojans trying to get into the computer everyday. With this software I get their IP, is there anything I can do about it?

    Any experience around here with Trojans?

  2. #2
    Registered User C_Coder's Avatar
    Join Date
    Oct 2001
    Posts
    522
    I think not all security alerts are actual attempts to access your computer, they can be caused by web site servers sometimes, read that somewhere.
    All spelling mistakes, syntatical errors and stupid comments are intentional.

  3. #3
    Hmm...You get the tcp/ip adress when they give it? Well, I would type in the IP in internet explorer or whatever browser you use, and if it gives a website you were just at or something, then it is probably just a cookie or something. I doubt anyone would want to send a trojan to just a normal user. Normally, they are sent to big web servers. Unless you distribute your IP adress throughout the internet of course...
    What will people say if they hear that I'm a Jesus freak?
    What will people do if they find that it's true?
    I don't really care if they label me a Jesus freak, there is no disguising the truth!

    Jesus Freak, D.C. Talk

    -gnu-ehacks

  4. #4
    Registered User
    Join Date
    Aug 2001
    Posts
    207
    OK, thanks guys.

    I'll try looking for the IP's then.

  5. #5
    Registered User (TNT)'s Avatar
    Join Date
    Aug 2001
    Location
    UK
    Posts
    339
    Hi,

    Another thing this could be is certain trojans come with ip scanners to find a victim with the trojan server. If the script-kidoo scans from 217.45.23.1 to 217.45.23.255 and your ip is in between black ice is reporting an attempted attack(scan) and if you had the server running the client would say to the kiddo that you are vonrable and he would then do his stuff... with your comp. So basically it wont be someone just targeting you speficifally. Your bound to get sevral scans a day, but they do no harm if you aint got the server. Also if you do get there ip and wanna do somthing about them, either retilate on there IP, or do a whois query on there IP and report them to there ISP.

    Hope that helps
    TNT
    TNT
    You Can Stop Me, But You Cant Stop Us All

  6. #6
    Registered User
    Join Date
    Aug 2001
    Posts
    207
    Thanks TNT, it sounds pretty smart.

    I think I don't need to be affraid after what you guys have said, thanks.

  7. #7
    I use zonealarm and when I once left (sp?) my pc on for about 35 hours and I had about 400 alerts. But not every alert is a attempt to break in. It could also be some lost packages. It doesn’t bother me. As long as those kiddies don’t do any damage. If they do, I’ll do everything in my power to get them back .

  8. #8
    Just one more wrong move. -KEN-'s Avatar
    Join Date
    Aug 2001
    Posts
    3,227
    Yeah, just abut all of your "attempts" are just background noise. It's really not anything bad enough to report unless you get scans to 31337 or other hacker ports. This guy in Spain keeps trying to get into my computer...it's like his favorite target! It's really annoying. I just portscan the hell outta him every time,though....hehe...

  9. #9
    _B-L-U-E_ Betazep's Avatar
    Join Date
    Aug 2001
    Posts
    1,412
    >>>And I've seen that there are at least 5-10 trojans trying to get into the computer everyday


    Trojans don't get in... they get out. Black Ice will detect suspicious activity that may be caused by trojans (If such is the case, get a virus/trojan scanning util like Norton). It will also detect activity of those people scanning for trojans. (Which is completely different...) Scans and network traffic do not hurt you. (Well some network traffic can if there is enough of it...DOS/SYN attacks et al) So don't worry about it too much. Just log suspicious IP addresses and look for multiple scans/attacks in the future.

    Get a port utility like NetToolX or just use netstat -a from a command line to see if any of your ports are bleeding onto the net. You would look for established connections or listening connections that are out of the ordinary. (Learn more about NETBIOS... some ports are not supposed to be closed.) Many trojans default in the thousands... like 5555 etc. So you may find some of your higher ports connected or listening for connections.

    Even with a packet monitor firewall, you can be shut down and your computer can be manipulated. You build a better mousetrap and make a better rat....
    Blue

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. What is this virus?
    By Raison in forum Tech Board
    Replies: 17
    Last Post: 12-06-2004, 04:59 PM
  2. explorer.exe
    By Betazep in forum A Brief History of Cprogramming.com
    Replies: 12
    Last Post: 05-29-2002, 03:36 AM