CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

manchild Nybegynder

07. oktober 2004 - 21:58 Der er 3 kommentarer

hacker attack

hello everyone...
im not sure if this is the right place.. but spare with me.
i have abroardband conncetion. and every time I turn on the pc. my netstat tool show a active connection. protocol tcp port 3660.. foreign address: 220.67.19.97.reverse.theplanet.com:http ESTABLISHED.
now! i have windows XP pro tcp filteriung on and allow only few ports... 3660 is not among them... still the connection is there,,, futhermore i have made a security policy blocking this addresss and port.. still.. its there,,,
i have also added the dns namepsace to the (restricted site) under internet security for iexplorer.. still connected. my question is : how do I block or stop this connection,, now I have made all this setting and blocking..

i hope someone can help me.. what did I miss ?

thanks ad avanced

manchild

Synes godt om

bufferzone Praktikant

08. oktober 2004 - 09:13 #1

It's because your firewall (XP internal) does net block OUTGOING trafic. Also your policy prob. block incomming trafic form the external adress, but not outgoing trafic from your IP to the (blocked) external IP.

It looks like you have a trojan that automatically connects out to the internal adress. You need to do the following.

First install a personal firewall that handles outgoing trafic as well. Look at Sygate personal firewall, its free and works well.

Next you need to scan your PC. You can use HijackThis and past the log in this forum to get help cleaning out the trojan.

Synes godt om

manchild Nybegynder

09. oktober 2004 - 15:59 #2

hi and thanks for heling me..
i do have firewall and security up.. and my security policies do go both incoming and outgoing,, as I did not know what traffic this connection made.
yes true... XP only filter incoming,, i did mangage to add the adress in my local host file.. that way I could revers the ip address to the real ip..
thats is how I found that the media contoll protocol was in use.. and i only have realplayer in use.. so I found the cause of this connection,, no hacker attatc.. but me lack of control of realplaeyr internet settings.. :-) I learn
I thank you anyhow for your helpfulness..

Synes godt om

bufferzone Praktikant

10. oktober 2004 - 12:40 #3

You are wellcome. Realplayer, and all other applications that are used for communication purposes or connect them selves poses a problem for the security manager. I allways try to documente what they do, what protocols they use and what theu connect to.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
telefonnummer som id Af bvirk i Andet sikkerhed	3	13/08/202416:32	14/08/202418:28
Password sikkerhed Af jhjorsal i Andet sikkerhed	2	13/07/202413:12	13/07/202422:46
Automatisering af certifikat proces - Danske virksomheder Af Søren i Andet sikkerhed	1	29/05/202414:23	30/05/202409:03
VPN i forhold til facebook? Af Novice-1 i Andet sikkerhed	2	26/05/202412:09	26/05/202420:54
Fjerne adgangskode Af Geo" søster i Andet sikkerhed	4	25/04/202418:19	26/04/202422:46

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS