Harvey Colwell
there is a better group for this to be posted to, please let me know.
I have McAfee AntiVirus Enterprise version installed. It is updated daily
and is configured to scan "All" files. I run SpyBot Search & Destroy on a
weekly basis. I have Windows XP firewall enabled. Our corporate LAN is behind a
Cisco router with the IOS firewall installed.
I just installed "Intrusion Catcher 2" and every time I open the web browser
I get several hits from various remote sites, port 80, trying to open a
connection to port 3120, 3466, or 3470 on my PC. All of these ports are
related to various backdoor Trojans.
I feel that my PC is clean, but I don't know how these remote sites would be
alerted that I'm going on-line unless I have some rogue program running on
it. I've used both TCPView and FPort to list the open ports and none of the
above ports are in use.
Is this a threat? Do I have a Trojan on my PC? How can I protect our PCs
from this attack/probe?
I'll put a packet sniffer on it as soon as I get some more time.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Harvey Colwell --- SDS, Inc
Web: http://www.sds400.com/
Eml: (e-mail address removed)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-