PDA

View Full Version : Firewall Log ques. Can you help me Yabut?



Unregistered
04-02-2002, 01:51 PM
Tried to post this question before with no responses from anyone. Will try to word my problem differently. I have an IP (on my own ISP network) that floods my firewall log as soon as I sign on. Before "it" was just sniffing ports (UPD). Lately, looking for Trogans on typical Trogan ports. And now nonsense stuff that the firewall can only identify as "programs". Example, software stuff (ie. rightbrain if you can believe it) and just today something called "Elan License Manager". Uses same IP that has been banned right from the start. Attempts to get around firewall have failed (I use strict setting and works fine). What is this nutcake trying to do? More just harassment? Kind of stupid. Yabut, what do ya think? Regards. Newbietoo

PS what can we do about this "it". Contacting my own ISP has done nothing (but of course you all knew that :)) I am archiving the logs of this "it", but how can I really go after "it". I am that mad. Looks as though I may have some sort of address but it doesn't have @ in the address. Could this be a kiddie script? A newbie kiddie script :)?

Unregistered_Yabut
04-03-2002, 12:05 AM
Good question. Could be that someone has targeted you. Have you ticked off any "bunny Boilers" in chat rooms or something?
(Not necessarily your fault) Could be somebody that has just decided to pick on your IP. Does your IP change? Do you
check it once in a while? Your firewall records will show if it ever does.Are you sure you don't have a trogen?
Bad programs, bugs and trogens can be sent in email. You dont have to save the attach, just open the email. Bugs etc can be
hidden in the lil pics in email that show up as ads. DLL's can be activated by outside forces. That's why Zone Alarm blocks
outgoing traffic as well as IN.Also hackers can "piggy back" in on a signal. Like when you update your antivirus. There's a
zillion scenarios. Report them? If they are any good at what they do, that will just TICK them off. It's been my experience that
ISPs rarely do anything. I did get one or two off line for a month. Whoopie do~~. They just come back on you harder. Then
they get something worse or more high tech to hit you with and you lose hardware. And NO, that's not a myth. Hackers can
get into your bios...maybe alter your FAN settings... fry something on the mother***rd. Inject java scripts that put you in a
LOOP or worse. My advice is just continue being careful and try to ignore it.

Unregistered
04-03-2002, 10:48 AM
Hi Yabut,
You are the only who helps me out here. You are very right about all that you said. I told my spouse that "things" can get in via just email, not just opening attachments. We do have a way to find infected files via our virus scan. This takes over an hour, but can be done off line. To our knowledge we do not have a trojan. Firewall states that this "it" is looking for trojans on certain ports, but never gets access. The rest is just annoying. This IP is Banned, so "it" isn't getting very far. I don't go to chat rooms and I have disabled so much, that I can't do anything interactive except in Forums such as this. Instead of looking for tutorials on the internet, Iam going to head for the library or bookstores :) Safer than stumbling upon a bad website. I am very careful not to tick people off. But I can understand that a polite newbie must be very irritating to the high tech. forum members (chuckles). Last thing. youwill get a kick out of this: Last tojan looked for by "it" was GabanBus/NetBusTrojan/PieBillGatesTrojan/X-Billtrojan. Spouse tells me someone did throw a pie at him once!!! Good for them. Have read that more "its" go after Microsoft users just because they "hate" Mr. Gates. Oh well. Life goes on :) Take care, Newbietoo and thanks again.