ISP using Default Block Backdoor/SubSeven Trojan

  Richard Hillman 01:46 16 Jun 2003


A few weeks ago I received a high risk security alert off Norton Internet Security 2003 saying that "a computer with the IP address attempted to connect to your computer using Default Block Backdoor/SubSeven Trojan horse".

I checked up on the details and domain of the address and the name given to me was that of my internet service provider. Norton reccomended that I contact the company which I did but received no reply.

I've now just received a new security alert, again concerning the same company which is why I thought it was best I put this forward to you lot.

Does anybody know what's going on here and whether it's all legit?


  rabadubdub 02:54 16 Jun 2003

were the ISP? I think we should be told. It seems their own security isn't that hot. I may have my own suspicions, but I would never suggest the name of a cable company as likely candidate as that would be wrong.

  Xevious 09:27 16 Jun 2003

hmmmmm, i get the same message regularly, i read somewhere that norton has this as a bug (aka feature) in their software?
rabadubdub, you also using NIS2003?
yes, i also use a certain cable company...

  Gaz 25 10:57 16 Jun 2003

I wouldnt worry anyway, firewall blocked it.

  Xevious 13:24 21 Jun 2003

yeah, but what does manage to get through that we don't know about...???

  muppetmark 14:00 21 Jun 2003

Blueyonder regularly scan for abuse, unprotected servers etc, perhaps this is what Norton is picking up. And yes it is legit

  Xevious 15:51 21 Jun 2003

hence the frequent TCP alerts?

also keep getting NIMDA_PROPOGATION alert, always one of these 3 warnings... is the nimda one anything to worry about?

  muppetmark 16:41 21 Jun 2003

The TCP alerts most likely are just checks for unprotected server, before I had a router I would have 6/7 scans daily reported by Sygate all from the same IP, = BY.

Cannot offer any assistance with NIMDA, tho there is a NIMDA virus.

  VoG® 16:45 21 Jun 2003

click here

I wouldn't worry about these alerts, ore where they (appear) to originate from. Your firewall is protecting your 'puter so relax.

If you want to test your firewall click here

  Despicable Desperado 23:30 21 Jun 2003

There are a whole heap of comments/complaints re NIS2003. Why not uninstall the firewall portion and install Sygate (which is a free downlaod courtesy of PCA) and see if things change.

  Richard Hillman 23:01 24 Jun 2003

Thanks all for your help. I'm sure everything's OK, it's just reassuring to hear other people's opinions when you're not 100% up on the technology. Much appreciated.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 Hack Latest News: How Secure is your Wi-Fi?

Photoshop CC 2018 released with new Curvature Pen and better brush tools

Best kids apps for iPhone & iPad

Comment utiliser Twitter ?