Repeated attack attempts by Sokets de Trois v1 trojan
In the last 2 days, I have had a huge number of intrusion attempts using the elegantly named "Sokets de Trois v1" trojan (sockets of 3???). According to my firewall (Norton) more than 150 in ~ 24 hours. I have a cable connection, usually on 12-16 hours/day. These have originated from a variety of addresses, all 65.###.##.###. The firewall seems to be doing its job, and of course I am used to getting the occasional alert, but with this many, and with all from addresses beginning 65.something, I'm wondering if there is some significance here.
TIA,
Dan
Here's another question to betray my ignorance, is there anything you can "do" with the addresses of potential attackers (most recent one just now, 65.148.9.160)? Of course the software blocks the number, at least for 30 minutes, but is there any way to determine from several such numbers if they originated with the same individual?
|
Hi Dan.

Don't worry about it as your firewall is doing its job and be glad. I have had days where my cable/dsl firewall has logged thousands of access attempts from all kinds of addresses to all kinds of ports. Just be sure to use a quality antivirus that also scans all your emails and keep it up to date and scan your system at least weekly. Apparently that particular network address/subnet is heavily infected. --- Steve

"Dan" wrote in message news:ubDH8rFPEHA.644@tk2msftngp13.phx.gbl...
> In the last 2 days, I have had a huge number of intrusion attempts using
> the elegantly named "Sokets de Trois v1" trojan (sockets of 3???).
> According to my firewall (Norton) more than 150 in ~ 24 hours. I have a
> cable connection, usually on 12-16 hours/day. These have originated
> from a variety of addresses, all 65.###.##.###. The firewall seems to
> be doing its job, and of course I am used to getting the occasional
> alert, but with this many, and with all from addresses beginning
> 65.something, I'm wondering if there is some significance here.
>
> TIA,
>
> Dan
>
> Here's another question to betray my ignorance, is there anything you
> can "do" with the addresses of potential attackers (most recent one just
> now, 65.148.9.160)? Of course the software blocks the number, at least
> for 30 minutes, but is there any way to determine from several such
> numbers if they originated with the same individual?
|
Steven-Yeah I wasn't really concerned, it just kinda makes me mad. I guess my fantasy was there'd be some program which, after plugging in all those "65" addresses, would give me the guy's STREET address so's I could go kick his ass ;-)

Dan

Steven L Umbach wrote:
> Hi Dan.
>
> Don't worry about it as your firewall is doing its job and be glad. I have
> had days where my cable/dsl firewall has logged thousands of access attempts
> from all kinds of addresses to all kinds of ports. Just be sure to use a
> quality antivirus that also scans all your emails and keep it up to date and
> scan your system at least weekly. Apparently that particular network
> address/subnet is heavily infected. --- Steve
>
> "Dan" wrote in message
> news:ubDH8rFPEHA.644@tk2msftngp13.phx.gbl...
>
>>In the last 2 days, I have had a huge number of intrusion attempts using
>>the elegantly named "Sokets de Trois v1" trojan (sockets of 3???).
>>According to my firewall (Norton) more than 150 in ~ 24 hours. I have a
>>cable connection, usually on 12-16 hours/day. These have originated
>>from a variety of addresses, all 65.###.##.###. The firewall seems to
>>be doing its job, and of course I am used to getting the occasional
>>alert, but with this many, and with all from addresses beginning
>>65.something, I'm wondering if there is some significance here.
>>
>>TIA,
>>
>>Dan
>>
>>Here's another question to betray my ignorance, is there anything you
>>can "do" with the addresses of potential attackers (most recent one just
>>now, 65.148.9.160)? Of course the software blocks the number, at least
>>for 30 minutes, but is there any way to determine from several such
>>numbers if they originated with the same individual?
|
Hi Dan.

More than likely many of the computers are zombies, meaning they have been infected and the computer owner does not even know about it. It happened to me once during the red code invasion. I forgot I port forwarded to an internal computer so that friends could access some pictures of mine on a web page. One day I was wondering why there was so much activity on the router. Well I opened up Netmon and saw my computer was attacking other web servers -- OOPS! --- Steve

"Dan" wrote in message news:uI4FMUGPEHA.3124@TK2MSFTNGP12.phx.gbl...
> Steven-Yeah I wasn't really concerned, it just kinda makes me mad. I
> guess my fantasy was there'd be some program which, after plugging in
> all those "65" addresses, would give me the guy's STREET address so's I
> could go kick his ass ;-)
>
> Dan
>
> Steven L Umbach wrote:
> > Hi Dan.
> >
> > Don't worry about it as your firewall is doing its job and be glad. I have
> > had days where my cable/dsl firewall has logged thousands of access attempts
> > from all kinds of addresses to all kinds of ports. Just be sure to use a
> > quality antivirus that also scans all your emails and keep it up to date and
> > scan your system at least weekly. Apparently that particular network
> > address/subnet is heavily infected. --- Steve
> >
> > "Dan" wrote in message
> > news:ubDH8rFPEHA.644@tk2msftngp13.phx.gbl...
> >
> >>In the last 2 days, I have had a huge number of intrusion attempts using
> >>the elegantly named "Sokets de Trois v1" trojan (sockets of 3???).
> >>According to my firewall (Norton) more than 150 in ~ 24 hours. I have a
> >>cable connection, usually on 12-16 hours/day. These have originated
> >>from a variety of addresses, all 65.###.##.###. The firewall seems to
> >>be doing its job, and of course I am used to getting the occasional
> >>alert, but with this many, and with all from addresses beginning
> >>65.something, I'm wondering if there is some significance here.
> >>
> >>TIA,
> >>
> >>Dan
> >>
> >>Here's another question to betray my ignorance, is there anything you
> >>can "do" with the addresses of potential attackers (most recent one just
> >>now, 65.148.9.160)? Of course the software blocks the number, at least
> >>for 30 minutes, but is there any way to determine from several such
> >>numbers if they originated with the same individual?
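
One defender-side way to look at the question raised in this thread (whether a batch of blocked source addresses points to one sender or to many machines in one address block) is to measure how the addresses cluster. This is an added example, not part of the original thread: the log format, the function names and every address except 65.148.9.160 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall alerts; the log format is an assumption. Only
# 65.148.9.160 appears in the thread, every other address is made up.
SAMPLE_LOG = """\
09:12:01 BLOCK rule="Sokets de Trois v1" src=65.148.9.160
09:14:44 BLOCK rule="Sokets de Trois v1" src=65.148.9.160
09:20:13 BLOCK rule="Sokets de Trois v1" src=65.148.77.12
10:02:57 BLOCK rule="Sokets de Trois v1" src=65.31.200.5
10:41:30 BLOCK rule="Sokets de Trois v1" src=65.96.14.230
11:05:09 BLOCK rule="Sokets de Trois v1" src=65.148.9.160
"""
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")

def source_addresses(log_text):
    """Every valid IPv4 source address in the log, repeats included."""
    found = []
    for match in SRC_RE.finditer(log_text):
        try:
            found.append(ipaddress.IPv4Address(match.group(1)))
        except ipaddress.AddressValueError:
            continue  # malformed value such as 999.1.1.1: skip it
    return found

def common_supernet(hosts):
    """Smallest single CIDR block that contains every host."""
    net = ipaddress.ip_network(f"{hosts[0]}/32")
    while not all(h in net for h in hosts):
        net = net.supernet()
    return net

def summarize(log_text):
    """Separate 'one host retrying' from 'many hosts in one address block'."""
    hits = Counter(source_addresses(log_text))
    if not hits:
        return None
    per_16 = Counter(str(ipaddress.ip_network(f"{h}/16", strict=False)) for h in hits)
    top, count = hits.most_common(1)[0]
    return {
        "alerts": sum(hits.values()),
        "distinct_hosts": len(hits),
        "top_host": (str(top), count),
        "hosts_per_16": dict(per_16),
        "common_supernet": str(common_supernet(list(hits))),
    }
```

Several distinct hosts spread across a wide common block is consistent with many separately infected machines; a single sender retrying would instead show one host carrying most of the alerts.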