TCP Connect to possible trojan?

Discussion in 'Trojan Defence Suite' started by Bowserman, May 4, 2003.

Thread Status:
Not open for further replies.
  1. Bowserman

    Used TCP Connect to connect to 4.65.18.119:27374, and got the reply " envy 1.2 antisub7". Is this a trojan?

    Thanks, Jade.

    BTW, got this address from an alert from my " Block All IN " rule in Kerio, and thought that the port used was suspect. So I decided to check it out.
     
  2. Pilli

    Hi Jade, IP: 4.65.18.119 resolves:
    http://www.markmonitor.com Looking at the site, it could be something to do with market tracking cookies etc., possibly from a site you have recently visited (not the above) and the tracker was trying to re-establish contact with your browser. This can sometimes happen if you break a contact & the server still thinks you should be there.

    I guess that that is some security "Anti-sub7"
    Sorry, I deleted my link about Anti-sub7 as I am not sure about the site.

    If you have scanned your PC with all options & TDS has found nothing I would not worry about it, especially sub7, as TDS has that Trojan well covered!
     
  3. Jooske

    Think it has to do with the port used, 27374 is a trojan port, among others the default for sub7, so maybe they got some extra protection on that port.

    There is an anti-subseven server which can be used as an emulator. But I don't know who built it. From what I read about it, it seems to be an emulator with some extra functionality.
    You do have TDS, which you can have acting like a server and thus preventing real accidents, with the sockets listening on trojan ports, with the TCP connect and port listen, etc.
    In your scripts folder you find Screx, which should be unzipped to its own folder Screx to function, and read all readme txt files first. This is a very nice emulator too for different nasties.
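
The "port listen" idea from the post above, as an added Python example that is not part of the thread and does not reproduce how TDS or Screx work: a decoy listener occupies port 27374, answers with a constructed banner, and records who connected and what they sent first. The class name, the banner text and the loopback bind address are assumptions made for the example.

```python
import socket
import threading
from datetime import datetime, timezone

SUB7_DEFAULT_PORT = 27374  # the port discussed in the thread
DECOY_BANNER = b"decoy listener\r\n"  # constructed banner, not a real SubSeven reply

class DecoyListener:
    """Hold one TCP port, record each inbound connection, never act on input."""

    def __init__(self, host="127.0.0.1", port=SUB7_DEFAULT_PORT):
        self.events = []  # (UTC timestamp, peer IP, peer port, first bytes received)
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))
        self._sock.listen(5)
        self._sock.settimeout(0.2)  # lets the accept loop notice stop()
        self.port = self._sock.getsockname()[1]  # actual port if 0 was requested
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, peer_port) = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)  # do not let a silent client stall the loop
                try:
                    conn.sendall(DECOY_BANNER)
                    data = conn.recv(256)  # log only; the bytes are never interpreted
                except OSError:
                    data = b""
                self.events.append((datetime.now(timezone.utc), ip, peer_port, data))

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()

if __name__ == "__main__":
    listener = DecoyListener().start()
    input(f"listening on 127.0.0.1:{listener.port}, press Enter to stop\n")
    listener.stop()
    print(listener.events)
```

While the decoy holds the port, no other program on the machine can bind it, and every entry in `events` is an inbound attempt worth comparing against the firewall log.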
     
  4. Bowserman

    Pilli & Jooske. Thanks for the info.

    Regards, Jade.
     