Problems with security on cable connection

From: Snuffles (nospam@noplace.com)
Date: 02/18/03


From: Snuffles <nospam@noplace.com>
Date: Tue, 18 Feb 2003 12:42:38 -0500

First, I will apologize in advance for being a newbie in this area,
but I would really appreciate any help or suggestions on some issues
that I'm having.

About 2 months ago, I downloaded KaZaA Gold and used it for a couple
of weeks. Then I decided to remove it. I did this with what
appeared to be no problem. But it's been well over a month since I
removed the programs, and I am getting hundreds of hits on port 1214
that are being blocked by my firewall. Many hits are coming from a
few individuals, and so it didn't seem to me as if they were trying
to hack me. Is there somewhere in all the stuff concerning KaZaA
that tracks your IP address in some manner and then retains it so
that others unknowingly keep attempting to access my system again?

Secondly, I have always kept my Symantec Anti-virus up to date, but
until recently, did not realize that I needed something else to pick
up the trojans, adware and possible spyware on my system. For
trojans, I ran the trial version of TDS-3, which I don't believe
has a current list of trojans that can be added to the trial
version. But it did find 4 instances of SubSeven 2.2b and 1
instance of Mosucker Dropper 1.1. I removed them all and figured
I'd gotten my problems resolved. I also ran The Cleaner, by
Moosoft and it found nothing.

I've cleaned up my adware by running both the current version of
Ad-aware and Spybot Search & Destroy.

But a couple of times before I removed the trojans and now, twice
since I've removed them, I have an unusual situation. I have a
packet sniffer program that checks all traffic on port 25 that is
not from my ISP's mail server. What I found was that there seems to
be something that accesses port 25 through my connection and
attempts to access and send some type of mail to an ISP in China.
The email it attempts to send is not going to the same address each
time. And the IP it uses varies usually by the last digit of the
address each time. The packets so far indicate that these user IDs
no longer exist on China's ISP.

Does anyone know what could be causing this? This attempt to send
info to the China ISP only happens within a second or two and so I
don't think there is anything that will show a program running at
the time it's happening, that would still show as running once I
realize it has happened and checked all processes.

That access attempt does not happen each time I get into my mail.

Can anyone give me suggestions on what I might try or look for to
find out what's going on? I use Netscape Communicator for browsing
and e-mail.

Any help would very much be appreciated....

Snuffles


