Sunday, August 06, 2006

A Word to the Wise.

I've been the target of a number of direct attacks against my computer over the last several months. I'm providing the relevant Norton logs below, including the "remote address" (the IP of the attacker). My own IP is x'd out for obvious reasons.


8/6/2006 @ 6:13:42 PM: Rule "Default Block NetBus Trojan horse" blocked (207.12.157.2, NetBus(12345)).
Inbound TCP connection.
Local address, service is (XXX.XXX.XX.XX), NetBus(12345).
Remote address, service is (207.12.157.2, 3018).
Process name is "N/A".

See: Wikipedia page User talk:207.12.157.2; DNS Stuff/WhoIs page.


8/4/2006 @ 9:42:57 PM: Rule "Default Block Backdoor/SubSeven Trojan horse" blocked (209.159.206.135, 27374).
Inbound TCP connection.
Local address, service is (XXX.XXX.XX.XX, 27374).
Remote address, service is (209.159.206.135, 2783).
Process name is "N/A".


7/11/2006 @ 8:07:05 PM: Rule "Default Block Senna Spy Trojan horse" blocked (206.165.215.13, 13000).
Inbound TCP connection.
Local address, service is (XXX.XXX.XX.XX, 13000).
Remote address, service is (206.165.215.13, 13000).
Process name is "N/A".


5/10/2006 @ 10:53:19 PM: Rule "Default Block NetBus Trojan horse" blocked (209.214.148.159, NetBus(12345)).
Inbound TCP connection.
Local address, service is (XXX.XXX.XX.X, NetBus(12345)).
Remote address, service is (209.214.148.159, 1123).
Process name is "N/A".


Although not many Wiki Watchdog pages are getting indexed by the search engines these days, I hope that the IPs will be of help to you should you Google one or more of them in relation to an attack on your own computer.



Related posts: