Trojans



Gades
12-30-2001, 11:53 AM
Hi, I have installed Black Ice on a computer that has a cable connection. And I've seen that there are at least 5-10 trojans trying to get into the computer every day. With this software I get their IP; is there anything I can do about it?

Any experience around here with Trojans?

C_Coder
12-30-2001, 12:02 PM
I think not all security alerts are actual attempts to access your computer, they can be caused by web site servers sometimes, read that somewhere.

gnu-ehacks
12-30-2001, 12:45 PM
Hmm... You get the TCP/IP address when they give it? Well, I would type in the IP in Internet Explorer or whatever browser you use, and if it gives a website you were just at or something, then it is probably just a cookie or something. I doubt anyone would want to send a trojan to just a normal user. Normally, they are sent to big web servers. Unless you distribute your IP address throughout the internet of course...

Gades
12-30-2001, 12:47 PM
OK, thanks guys.

I'll try looking for the IPs then.

(TNT)
12-30-2001, 03:17 PM
Hi,

Another thing this could be is that certain trojans come with IP scanners to find a victim with the trojan server. If the script kiddie scans from 217.45.23.1 to 217.45.23.255 and your IP is in between, Black Ice is reporting an attempted attack (scan), and if you had the server running the client would say to the kiddo that you are vulnerable and he would then do his stuff... with your comp. So basically it won't be someone just targeting you specifically. You're bound to get several scans a day, but they do no harm if you ain't got the server. Also if you do get their IP and wanna do something about them, either retaliate on their IP, or do a whois query on their IP and report them to their ISP.

Hope that helps
TNT

Gades
12-30-2001, 05:28 PM
Thanks TNT, it sounds pretty smart.

I think I don't need to be afraid after what you guys have said, thanks.

maes
12-30-2001, 06:01 PM
I use ZoneAlarm and when I once left (sp?) my PC on for about 35 hours I had about 400 alerts. But not every alert is an attempt to break in. It could also be some lost packages. It doesn't bother me. As long as those kiddies don't do any damage. If they do, I'll do everything in my power to get them back :D.

-KEN-
12-30-2001, 06:15 PM
Yeah, just about all of your "attempts" are just background noise. It's really not anything bad enough to report unless you get scans to 31337 or other hacker ports. This guy in Spain keeps trying to get into my computer... it's like his favorite target! It's really annoying. I just portscan the hell outta him every time, though.... hehe... :)

Betazep
12-31-2001, 12:49 AM
>>>And I've seen that there are at least 5-10 trojans trying to get into the computer everyday


Trojans don't get in... they get out. Black Ice will detect suspicious activity that may be caused by trojans (If such is the case, get a virus/trojan scanning util like Norton). It will also detect activity of those people scanning for trojans. (Which is completely different...) Scans and network traffic do not hurt you. (Well some network traffic can if there is enough of it...DOS/SYN attacks et al) So don't worry about it too much. Just log suspicious IP addresses and look for multiple scans/attacks in the future.

Get a port utility like NetToolX or just use netstat -a from a command line to see if any of your ports are bleeding onto the net. You would look for established connections or listening connections that are out of the ordinary. (Learn more about NETBIOS... some ports are not supposed to be closed.) Many trojans default in the thousands... like 5555 etc. So you may find some of your higher ports connected or listening for connections.

Even with a packet monitor firewall, you can be shut down and your computer can be manipulated. You build a better mousetrap and make a better rat....
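Added example, not part of the original thread: one way to automate the netstat check described in the post above, flagging listeners outside an expected baseline and sessions on the ports the thread mentions (5555, 31337). The sample output, the baseline set, and all function names are constructed assumptions.

```python
import re

# Constructed sample of Windows-style `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.0.10:31337     198.51.100.23:4021     ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Assumed baseline of listeners expected on this host (hypothetical; NetBIOS/RPC).
EXPECTED_LISTENERS = {135, 137, 138, 139, 445}
# Ports the thread itself singles out as worth a closer look.
WATCH_PORTS = {5555, 31337}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)\s*(\S*)\s*$")

def parse(text):
    """Yield (proto, local_addr, local_port, remote_addr, remote_port, state)."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            proto, laddr, lport, raddr, rport, state = m.groups()
            yield proto, laddr, int(lport), raddr, rport, state or "-"

def review(text):
    """Return (local_port, reason, detail) for each row that needs a look."""
    findings = []
    for proto, laddr, lport, raddr, rport, state in parse(text):
        if state == "LISTENING" and lport not in EXPECTED_LISTENERS:
            findings.append((lport, "unexpected listener", f"{laddr}:{lport}"))
        elif state == "ESTABLISHED" and lport in WATCH_PORTS:
            # A session on a watched local port likely means something accepted it.
            findings.append((lport, "session on watched port", f"{raddr}:{rport}"))
    return findings

if __name__ == "__main__":
    for port, reason, detail in review(SAMPLE):
        print(f"port {port}: {reason} ({detail})")
```

A flagged row is a prompt to identify the owning process, not proof of infection; the ordinary outbound web session on port 1045 is deliberately not reported.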