Plug-ins?

Discussion in 'Trojan Defence Suite' started by Spanky, May 3, 2003.

Thread Status:
Not open for further replies.
  1. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    I read in the help file that 13 plug-ins are available.

    Backdoor Knock (NT)
    Common Ports Check
    Encryption Keyfinder
    Interrogate
    IRC Scan
    LAN Scan
    Password Changer
    Netbus Emulator
    NetBus Host Hunter NT
    Global Network Shares
    SMTP Control Module
    TCP Inspector 1.0
    Trojan Ports Check

    I use WXP.

    What, if any, plug-ins are worth loading?
    Where do I get them & how do I config TDS to use them?
     
  2. Finn McCool

    Finn McCool Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    49
    Location:
    New Orleans
    You should already have them. Just go to configuration and check the square to load plugins.
     
  3. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    Thx Finn. I see where I put a check in the box 'Load Plugins', but this loads all 13. Is this an 'all-or-none' proposition? Can only one or two be loaded?

    Do you recommend loading them all?
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi Spanky,
    You only load the plugins in memory when you execute them.
    Dolf
     
  5. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    Sorry if this sounds stupid, but how do I execute them?
     
  6. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Menu -> Plugins :D
    Dolf
     
  7. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    Yeah, that was a stupid question. Sorry for being a moron. Thx for being patient. This prgm is very powerful.

    A couple of the plugins locked on me. No problem. No hard lock.

    The TCP inspector reported it was able to connect to 3 ports:

    25 - SMTP
    110 - POP3
    135 - NetBIOS

    Do you see anything wrong with that?

    I use ZoneAlarm on a cable connection.
     
  8. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Spanky!

    No, that's not a problem. But for the ports 25 and 110 there should be written "closed". Both ports are being used by your mail software. If you have NetBIOS activated (printer and file sharing) then this is o.k. as well that port 135 is open. Are you in a network and are you using printer and file sharing? If not, deactivate NetBIOS (printer and file sharing).

    Don't forget that you probe your own system. If you wanna try to probe your system from outside and see how secure it is, go and do these tests:

    www.pcflank.com

    Best regards!

    Patrice
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Spanky, The first two are your email, the third is your local network - 135: DCE endpoint resolution, RPC-LOCATOR - RPC (Remote Procedure Location Service).
    If you are a stand-alone PC, disable file & print sharing; if you have a local network, check that ZA is correctly set up. Go here: http://scan.sygate.com/ and this will show if port 135 is open to the Internet.

    HTH Pilli
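
The two replies above distinguish a probe run on the machine itself from one run from outside. As an added example (not part of the thread and not TDS code), this sketch reads `netstat -an` output and reports, for each listening TCP port, whether it is bound to loopback only or to a network-facing address; the sample listing and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    192.168.1.100:1045     203.0.113.10:110       ESTABLISHED
"""

# Wider bind scope wins when a port is listed more than once.
SCOPE_RANK = {"loopback-only": 0, "single-interface": 1, "all-interfaces": 2}


def bind_scope(host):
    """Classify a bind address by how far a listener on it can be reached."""
    addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"


def classify_listeners(netstat_text):
    """Map each listening TCP port to the widest scope it is bound with."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue                 # header, UDP, or an established connection
        host, _, port = fields[1].rpartition(":")
        try:
            scope, port = bind_scope(host), int(port)
        except ValueError:
            continue                 # unparseable address or port
        known = listeners.get(port, "loopback-only")
        listeners[port] = max(scope, known, key=SCOPE_RANK.get)
    return listeners


def ports_to_verify_externally(listeners):
    """Ports reachable beyond this machine unless a firewall or router blocks them."""
    return sorted(p for p, s in listeners.items() if s != "loopback-only")


if __name__ == "__main__":
    for port, scope in sorted(classify_listeners(SAMPLE_NETSTAT).items()):
        print(port, scope)
```

Ports reported as loopback-only answer a local connect test but cannot be reached from another host; the rest are the ones an outside scan of your own address should confirm as blocked.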
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Wow! Pilli what a lovely new avatar and so appropriate! Applause for you!

    Yes those ports can be blocked in the firewall as long as you get emails through :)
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks Jooske, Maybe running a bit fast?

    Spanky & Patrice, The reason I suggested the Sygate test is that it can find your true IP addy when you are using a NAT router. PCflank cannot & usually only sees your ISP's cache server, thus testing the cache server & not your true IP. ;)
    I'll also add this one:
    http://www.auditmypc.com:85/scanoptions.asp?S=204779YZ7V8Z7Z700
    & This one:
    http://www.dslreports.com/scan

    Pilli
     
  12. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Pilli!
    Funny, I have a NAT router and PC Flank finds out my correct IP. Check it again with your router! :rolleyes:

    Best regards!

    Patrice
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Well Patrice, you may have a problem, although you may not be going through a cached server, i.e. a proxy server of your ISP:

    QUOTE:

    IP Address test
    The test could not determine your IP address.

    The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

    This means the test cannot check your system as the results of the testing would be incorrect.

    END QUOTE:

    :D Pilli
     
  14. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    hmm, bit confused now.
    when you are behind a router, ok, your computer ip is hidden. But who cares, it's about your external security and your public ip should be tested, and that ip is not hidden o_O
    Dolf
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Dollefile, Sygate, Auditmypc & DSL can find my true IP, i.e. my router's IP, which is at present 80.10.76.1 (fictitious for this post). PC flank cannot define it.
    My pc's actual address is 192.169.1.100, which is a private address used by my network and is a prohibited Internet address & is translated by the router using NAT.
    The router is stealth to port scans according to the above sites that can see the router's true address, so I am fairly confident that it is working correctly.

    Any other result would be worrying ;)
     
  16. Finn McCool

    Finn McCool Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    49
    Location:
    New Orleans
    All of the above tests on my system indicate that they can identify my NAT but not my machine. So I get the same results with my firewall off or on. Most of the tests say that the results are not valid if the address shown is your NAT.
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Finn McCool, The router will show Stealth or Blocked to the probes if it is set up correctly & yes it should not make any difference if your pc's firewall is on or off as the router is doing its job.
    The software firewall (I use Sygate Pro 5) is mainly to stop or control outbound connections.
    Though with TDS3 there is very little chance for a Trojan even getting on to your PC let alone making an outbound connection.
    Also being able to monitor all the connections using Port Explorer can show other malware or phone home programmes.
     
  18. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Pilli!
    Well, the test doesn't find out my internal IP address 192.168.XX.XX, but it finds out the IP the provider gave me, 62.XXX.XXX.XXX. I'm having a broadband connection. This means it's not my system which is scanned, it's my router. Got it now? ;)

    Regards,

    Patrice

    P.S. The aim for these tests is to scan your system for vulnerabilities, so I would allow them to find out your IP once. Try it, perhaps you find out something new.
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Patrice, I know what you are saying but in my case and that of many others PCflank fails to determine our router IP address as given by our ISPs.
    Your situation is obviously different. :D
    Sygate, DSL & Audit my pc can find my real (router) IP addy.
     
  20. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Mhh... that's interesting in a way! I wonder why - this has something to do with how they implemented the scan engine into their site, I guess.

    Regards,

    Patrice

    P.S. Nevertheless, you just test your router and NOT your system. :doubt:
     
  21. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    well, if no nasties can pass my router, my system is safe from inbound connections, isn't it ??
    Dolf
     
  22. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Dollefile, Correct! :D And with your other security software, hackers or crackers will always go for a softer target. Looking at my WallWatcher log today I can see at least ten different compromised PCs with their probes bouncing off my router ports 137, 139 & 445 Bugbear etc.
     