I am trying out ProPort at last and am not sure why, but there is no help file and the website is down for reconstruction. The other things that is wierd is the attack log is not displayed after you shut down ProProt and restart it again.
the first two attacks were recorded with Sygate not running.
Shivka-burka
Scarab

the last attack was captured with Sygate running again

Fake FTP

Most recent attack log..

see TXT file.

Controler,
these are possibe trojan scans...correct ?
And whats with that loopback being possible Fake FTP ??

regards,
bill :)

eyespy

I am not real sure what this program is all about yet but it looks like it has good potential. The start-up editor seems to need some serious work though. I will be gone all next week for work and won't get much time to mees with it. Have you tried it out yet eyespy?
Not sure what the loopback alert was all about yet either.

It appears that the program is hooked into the network stack somehow, and it is monitoring for any activity to a set of "known trojan" ports. If there is any activity at all on a monitored port, then the relevant data is written to the attack log with the guess that it could be the known trojan listed.

Now, it also appears that it is not differentiating between the different network interfaces on your system. The localhost activity (127.0.0.1) is being reported the same way as your actual public (Internet) interface, when all it is likely to be is just simple loopback access to some randomly assigned return port for some network aware application.

It looks like an interesting tool, especially if you were using a firewall that had limited alert or logging capability, or if you wanted the firewall's logging disabled, but, wanted to monitor for this type of activity.

Does it allow you to add and remove ports from the list it is monitoring? That could be very useful.

Hi LowWaterMark


The program is wirtten in machine language and is fast. It is only an exe file and doesn't actualy install.
Sine I am so hard pressed for time this week and won't be back till Friday I just have enough time to post the screen shot where you can add your own ports.
I was hoping you guys would get a chance to check it out ;)
Have a nice week :)

After messing around with this program a bit more this weekend, I see it has a link to a page with various info. Some is good, such as how to make your firewall more trojan resistant (link removed) but some of the info is on how to write perl viri ect. Both English and German instructions. You be da judge.

Their program link is to a forum with only ONE member ans not much else.

(tutorial link removed)



- You were right controler when you said "some of the info is on how to write perl viri...". That being instructions on how to right better malware, the links have been removed. ;)

-{ Quote: "After messing around with this program a bit more this weekend, I see it has a link to a page with various info." }-

Well well...Eric seems to be alive and kicking. FYI: this guy created the "old" TFAK ;).

regards.

paul

There appears to be some new information posted at his website.
Has he been invited to post here yet? ;)
I think he is too busy to answer private e-mails about his product.

http://www.tdupage.com/

At first I thought this product had potential.
I have now changed my mind and am abandoning and removing all traces of this software from my system due to suspicions about the creators intentions on the internet.