Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Trojan Alert From games2.iol.ie - Urgent

Options
  • 07-02-2004 2:26am
    #1
    TheHairyFairy
    Closed Accounts Posts: 1,285 ✭✭✭


    Hi,

    Had an alert from my firewall software a few mins ago. It was alerting me to an attempt to access my machine. The following text gives the details.

    Rule "Default Block DeepThroat Trojan horse" blocked (games2.iol.ie(193.120.123.135),3150)
    Inbound UDP packet
    Local address,service is (DMAC-Livingroom(62.53.40.146),3150)
    Remote address,service is (games2.iol.ie(193.120.123.135),14690)
    Process name is "N/A"

    Norton Personal Firewall allows you to see where the attack orginated from and gives the following details...

    inetnum: 193.120.123.128 - 193.120.123.159
    netname: PAULF-ESAT-20031020
    descr: Player of Games .COM
    descr: Block C, Dundrum Business Park
    descr: Dundrum
    descr: Dublin 14, Ireland
    mnt-lower: IEUNET-NOC
    mnt-routes: IEUNET-NOC
    country: IE
    admin-c: PF1121-RIPE
    tech-c: PF1121-RIPE
    mnt-by: IEUNET-NOC
    notify: ripe@esat.net
    changed: ripe@esat.net 20031020
    status: ASSIGNED PA
    source: RIPE

    Now I am not saying this is right, coz I dont know enough about this sort of thing, but I wonder why it cites games2.iol.ie in the text. I had a few browser windows open and ASE so that might explain it. Any help anyone?

    The Fairy


Comments

  • Options
    #2
    ssh
    Closed Accounts Posts: 484 ✭✭ssh


    What a cock-tarded firewall.

    A two way UDP "connection" between you and games2.iol.ie querying the status of the server occured. Your PC started the conversation, with a source port of 3150, which just happens to be the port that this trojan listens on. games2.iol.ie replies on this port letting you know what the story is.

    Your firewall should have some stateful stuff for handling UDP properly. It should have realised that the conversation started on your end.

    EDIT: Sorry, that sounded quite grumpy. Yes, you are better to be safe than sorry, but maybe you should consider using a different firewall if that behaviour continues :-)


  • Options
    #3
    TheHairyFairy
    Closed Accounts Posts: 1,285 ✭✭✭TheHairyFairy


    I use Norton. I was using Kerio before but Norton cam on this puter. Should get BB in the next few months and intend getting a wireless router/modem so that will have firewall anyway.

    Thanks for the reply.

    The Fairy.


  • Options
    #4
    Dcully
    Moderators, Computer Games Moderators Posts: 14,707 Mod ✭✭✭✭Dcully


    Get rid of Norton,it sucks.
    Get AVG instead,100% free with free updates.
    I never knew my comp had 2 viruses while rinnung Norton but when i installed AVG it found the 2 Norton had missed.


  • Options
    #5
    suppafly
    Registered Users Posts: 3,055 ✭✭✭suppafly


    get zonealarm its better


Advertisement