I'm attacked by T Horses. Help!!! 
Author Message
 I'm attacked by T Horses. Help!!!

Norton IS reported:

Date: 11/13/2001 Time: 18:10:42
Intrusion attempt detected from address
15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15) by rule "Default
Block NetBus Trojan horse".
Blocked further access for 30 minutes.

Date: 11/13/2001 Time: 18:10:42
Rule "Default Block NetBus Trojan horse" blocked
(borg222x(12.84.10.189),NetBus(12345)).  Details:
Inbound TCP connection
Local address,service is (borg222x(12.84.10.189),NetBus(12345))
Remote address,service is
(15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15),1046)
Process name is "N/A"

What do I do now? I'm having these attacks on a constant basis, also
SubSeven Trojan Horse. I've had 16 attacks for the last month.
I ran NortonAV on my computer and it didn't find anything.
Any input would be appreciated.



Sun, 02 May 2004 20:49:54 GMT  
 I'm attacked by T Horses. Help!!!
Wow, 16 in one month!
Nothing more?
Here in Austria it is normal to have this amount per hour in some parts of
the UPC cable network.
Sub7, Y3K-RAT, NetBus, Code Red, Nimda ... what you want, its there,
scanning for victims.
I trust my ZoneAlarm pro Firewall to some point, but I am still a bit
paranoid.
I use ZoneLogAnalyser to check my ZoneAlarm Logfiles wether  somebody really
looks for me.
Mostly its only script kiddies playin around and thinking theyre cool.
Thats my opinion.
As long as you have only INCOMING probes from Trojans it is  (sad but true)
normal. If you find an OUTGOING Trojan attempt, THEN you have a reason to
worry...

Try to keep up with security fixes for your windows, use an up-to-date
virusscanner and dont open unknown email attachments.

Thats what I am doing. And I had no virus/trojan troubles in the last 5
years.

HTH

Heiko



Quote:
> Norton IS reported:

> Date: 11/13/2001 Time: 18:10:42
> Intrusion attempt detected from address
> 15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15) by rule "Default
> Block NetBus Trojan horse".
> Blocked further access for 30 minutes.

> Date: 11/13/2001 Time: 18:10:42
> Rule "Default Block NetBus Trojan horse" blocked
> (borg222x(12.84.10.189),NetBus(12345)).  Details:
> Inbound TCP connection
> Local address,service is (borg222x(12.84.10.189),NetBus(12345))
> Remote address,service is
> (15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15),1046)
> Process name is "N/A"

> What do I do now? I'm having these attacks on a constant basis, also
> SubSeven Trojan Horse. I've had 16 attacks for the last month.
> I ran NortonAV on my computer and it didn't find anything.
> Any input would be appreciated.



Sun, 02 May 2004 21:55:24 GMT  
 I'm attacked by T Horses. Help!!!


Quote:
> Norton IS reported:

> Date: 11/13/2001 Time: 18:10:42
> Intrusion attempt detected from address
> 15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15) by rule "Default
> Block NetBus Trojan horse".
> Blocked further access for 30 minutes.

> Date: 11/13/2001 Time: 18:10:42
> Rule "Default Block NetBus Trojan horse" blocked
> (borg222x(12.84.10.189),NetBus(12345)).  Details:
> Inbound TCP connection
> Local address,service is (borg222x(12.84.10.189),NetBus(12345))
> Remote address,service is
> (15.chicago-26-27rs.il.dial-access.att.net(12.84.10.15),1046)
> Process name is "N/A"

> What do I do now? I'm having these attacks on a constant basis, also
> SubSeven Trojan Horse. I've had 16 attacks for the last month.
> I ran NortonAV on my computer and it didn't find anything.
> Any input would be appreciated.

Hi,
While it is alarming to see these things, its important to remember what
they mean.

Someone has attempted to connect to your computer to see if you have a
particular Trojan horse. That's all, just someone being nosy in effect.
That's alarming enough I appreciate, but these sorts of scans are common,
and it doesn't mean that your security has been compromised in any way.
These kinds of scans have been going on for years, they are not directed at
you personally (people scan thousands of addresses in one go hoping for a
"hit") and they are not a sign your computer actually has a Trojan horse on
it.

According to the log excerpts you posted your firewall appears to be doing
its job and blocking them, and hopefully even if you were infested your
virus scanner would notice and warn you. If you start seeing *hundreds* of
attempts from the same address in a short space of time then someone is
trying to attack you, but 16 in a month is not something to get too alarmed
over.

--
--
Robert Moir, Microsoft Windows 2000/NT MVP
To search the MS Knowledge base use the link below:
http://support.microsoft.com/support/search/c.asp?PSL=1
My Homepage - http://www.robertmoir.co.uk
** Emailed questions will not be answered **



Mon, 03 May 2004 04:10:52 GMT  
 I'm attacked by T Horses. Help!!!
Thanks a lot, guys, for your explanations; I feel relieved now. You were
very helpful.


Mon, 03 May 2004 14:40:26 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. Man running after a horse then rides the horse, Microworlds Pro

2. Man running after a horse then rides the horse, Microworlds Pro

3. Man running after a horse then rides the horse, Microworlds Pro

4. Timesaver error: Unknown Variable '%TS'

5. Top Ten Consultants' DON'Ts

6. Top Ten Consultants' DON'Ts

7. Ts 3.1 src in Ts 1.17

8. Lessons from Algol (Was: JLG's flogging of horses)

9. Trojan Horse Virus, Help needed

10. Help needed on suspected virus attack

11. What's with TS Marketing

12. SQL Does and Don'ts

 

 
Powered by phpBB® Forum Software