ProPort v 2.2

Discussion in 'other software & services' started by controler, Feb 23, 2003.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    I am trying out ProPort at last and am not sure why, but there is no help file and the website is down for reconstruction. The other things that is wierd is the attack log is not displayed after you shut down ProProt and restart it again.
    the first two attacks were recorded with Sygate not running.
    Shivka-burka
    Scarab

    the last attack was captured with Sygate running again

    Fake FTP
     

    Attached Files:

    controler, Feb 23, 2003
    #1
  2. controler

    controler Guest

    Most recent attack log..

    see TXT file.
     

    Attached Files:

    controler, Feb 23, 2003
    #2
  3. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Controler,
    these are possibe trojan scans...correct ?
    And whats with that loopback being possible Fake FTP ??

    regards,
    bill :)
     
    eyespy, Feb 23, 2003
    #3
  4. controler

    controler Guest

    eyespy

    I am not real sure what this program is all about yet but it looks like it has good potential. The start-up editor seems to need some serious work though. I will be gone all next week for work and won't get much time to mees with it. Have you tried it out yet eyespy?
    Not sure what the loopback alert was all about yet either.
     
    controler, Feb 23, 2003
    #4
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    It appears that the program is hooked into the network stack somehow, and it is monitoring for any activity to a set of "known trojan" ports. If there is any activity at all on a monitored port, then the relevant data is written to the attack log with the guess that it could be the known trojan listed.

    Now, it also appears that it is not differentiating between the different network interfaces on your system. The localhost activity (127.0.0.1) is being reported the same way as your actual public (Internet) interface, when all it is likely to be is just simple loopback access to some randomly assigned return port for some network aware application.

    It looks like an interesting tool, especially if you were using a firewall that had limited alert or logging capability, or if you wanted the firewall's logging disabled, but, wanted to monitor for this type of activity.

    Does it allow you to add and remove ports from the list it is monitoring? That could be very useful.
     
    LowWaterMark, Feb 23, 2003
    #5
  6. controler

    controler Guest

    Hi LowWaterMark


    The program is wirtten in machine language and is fast. It is only an exe file and doesn't actualy install.
    Sine I am so hard pressed for time this week and won't be back till Friday I just have enough time to post the screen shot where you can add your own ports.
    I was hoping you guys would get a chance to check it out ;)
    Have a nice week :)
     

    Attached Files:

    controler, Feb 24, 2003
    #6
  7. controler

    controler Guest

    After messing around with this program a bit more this weekend, I see it has a link to a page with various info. Some is good, such as how to make your firewall more trojan resistant (link removed) but some of the info is on how to write perl viri ect. Both English and German instructions. You be da judge.

    Their program link is to a forum with only ONE member ans not much else.

    (tutorial link removed)



    - You were right controler when you said "some of the info is on how to write perl viri...". That being instructions on how to right better malware, the links have been removed. ;)
     
    controler, Mar 1, 2003
    #7
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Well well...Eric seems to be alive and kicking. FYI: this guy created the "old" TFAK ;).

    regards.

    paul
     
    Paul Wilders, Mar 1, 2003
    #8
  9. controler

    controler Guest

    There appears to be some new information posted at his website.
    Has he been invited to post here yet? ;)
    I think he is too busy to answer private e-mails about his product.

    http://www.tdupage.com/
     
    controler, Mar 2, 2003
    #9
  10. controler

    controler Guest

    At first I thought this product had potential.
    I have now changed my mind and am abandoning and removing all traces of this software from my system due to suspicions about the creators intentions on the internet.
     
    controler, Mar 3, 2003
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...