PDA

View Full Version : High risk security alert Norton



macpen
19-08-2004, 06:01 PM
Hi Folks. My Norton 2004 internet security displayed the above topic with the following info;
Attempt to connect to local computer using the NetBus Trojan horse detected.
Protocol: TCP inbound.
Remote Address: 219.88.47.250:3234

Obviously it didn't make it into my PC but what can I do about it? Can I find out from the address given, any details and should I notify them?
Many thanks in advance. macpen

Jen C
19-08-2004, 07:06 PM
That IP belongs to someone using xtra.co.nz on a dialup connection. You cannot find out who exactly as the ISP's will not release this information to you (confidential). The port number of 3234 is used by a Alchemy Server.

I wouldn't worry about this message, the main thing is that your firewall is doing its job and protecting your computer. :)

Spacemannz
20-08-2004, 10:12 PM
Norton Internet Security 2003 and most probably 2004 have a built in map of the world which shows u the origin of the attacker. When the globe flashes on the taskbar. Click on it then Yes then Yes.. It should bring up the location of the hacker on a map of the world.

Down the bottom left click on details. It'll give u details of the ISP. If it is Xtra where the attack came from send an email to abuse@xtra.co.nz

Also right mouse on the globe on the taskbar. Select Norton Internet Security, then click on Statistics left hand side then click on View logs on the right hand side. Click on Alerts (or go through the options). Then on the right hand window look for the entry of the attempted hack. When you find it click on the disk icon in the menu to save the logs. Save it to a folder. Then go to that folder. Open that file then copy and paste it into an email to the person's ISP. They need a log of the attempted hack to action your email.

Spacemannz
20-08-2004, 10:13 PM
Norton Internet Security 2003 and most probably 2004 have a built in map of the world which shows u the origin of the attacker. When the globe flashes on the taskbar. Click on it then Yes then Yes.. It should bring up the location of the hacker on a map of the world.

Down the bottom left click on details. It'll give u details of the ISP. If it is Xtra where the attack came from send an email to abuse@xtra.co.nz

Also right mouse on the globe on the taskbar. Select Norton Internet Security, then click on Statistics left hand side then click on View logs on the right hand side. Click on Alerts (or go through the options). Then on the right hand window look for the entry of the attempted hack. When you find it click on the disk icon in the menu to save the logs. Save it to a folder. Then go to that folder. Open that file then copy and paste it into an email to the person's ISP. They need a log of the attempted hack to action your email.

Spacemannz
20-08-2004, 10:19 PM
Oops when u copy and paste the log of the attack just copy the log relating to the attack. NOT all the info in the file u saved.

tweak\'e
20-08-2004, 10:35 PM
unless its a really serious sitution (ie you can prove a hacking attempt), emailing isp's with logs etc just drives the help desk nuts.

i woldn't bother even tracking the location etc (it gets boring fast). just ignore the alerts (turn them off if you can) and count your lucky stars that you didn't get infected :-)

considering the huge amounts of alerts/hack attemps/trojens etc each day most people get you would spend most of the day emailing the logs !

Spacemannz
20-08-2004, 11:06 PM
Well thats what the log is for. It shows the ip the time the trojan/port, the date. What else do you need!

Thats all the proof you need. Ive reported and been successful with NZ and Aussie ISPS who have dealt with the hacker after emailing the logs.

Well you're NOT tracking the location Norton Internet Security tracks it for you and shows u visually where its from. Thats the ISP's problem, thats what their abuse@ is for. If it drives them mad, they shouldnt have the abuse email, or shouldnt be an ISP. And thats what they get paid for.