trial version/ false positives

Discussion in 'Trojan Defence Suite' started by zigahoo, Jan 24, 2005.

    zigahoo Guest

    Maybe I'm just stupid, but I'm having a lot of problems with my trial version of TDS-3. It says I'm connected to the target host but won't ping them and always has a broken trace. I can't seem to get a UDP port to listen on, or TCP connect to listen; it will show I'm connected on port 21 and 1720, and even shows when sending. Does it confirm that what I sent is received? I do intend on buying the program, but what are the limitations of the free trial? Does it work, or is it just a touch-the-buttons type of free trial?
    Pilli Registered Member

    Feb 13, 2002
    Hampshire UK
    Hi zigahoo, it looks like you need to visit TDS3's extensive help file, but regarding TCP connect, here is a little from the help file that may help you.

    The limitations of the trial are:
    No Execution Protection
    Limited SS3 scripting
    No automatic updates, i.e. you need to get the updates manually from the DCS site.

    HTH Pilli
    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    Hi there, and welcome to the forum!

    I think it is understanding the program.
    In Target Host you can put any IP or URL and do your stuff.
    For instance test this:
    In your HOSTS file make an addition like (or something which doesn't exist)
    Now also look for your current IP address.
    (System analysis > get IP address)
    First put your in Target Host and resolve: it should give you "local host"
    Now put your IP address there and resolve; it should give you that fantasy URL you just added to your HOSTS file.
    Ping them both, trace them, resolve them, now with the connect:
    connect to will be forcefully rejected, but to your IP address might enable you to connect. Now the Helpfile gives some info how to use that function further.

    The Port Listen is on TCP and it depends on what you're expecting: put it on a port, like 80 for instance and you might see some traffic coming in: we did many years ago with allowing that port in the firewall and seeing the CodeRed infections coming in, or set it on port 137, which is a lot portscanned too, or another port you see scanned a lot at that time.

    Now for the sockets: you can configure those automated and let only a few bytes in and have your email address and beep alarms for attacks.
    Now with that go to a test site like ShieldsUp! to have your ports scanned and you should see a few alarms. If you use the plugins for Trojan Ports you should get some of the same alarms.
    Port 21 is an FTP port, so if you have an FTP server you will find that open, or during connections to such sites for your downloads. You can block that in your firewall if needed.
    1720 = H323HOSTCALL - h323hostcall
    I'm not familiar with that one?
    Could that port be used by a D-Link router for instance?

    You see what you receive yourself in the Traffic Bridge (which can function as a proxy if you like) or the Port Listen, you can even change data there.

    The trial is fully functional, be it that you need to update the databases manually from the site, and you can't install the Exec Protection, and you can't run scripts over 5kb size. All the scanning, testing, running small scripts, and network functions work fine in the trial too.

    Hope this helps somewhat.
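
The Port Listen behaviour described in the post above (bind a TCP port, let only a few bytes in, raise an alarm per connection), sketched as an added example that is not part of the thread and is not TDS-3's own code. The function names, the 16-byte cap and the loopback probes are assumptions constructed for the illustration.

```python
import socket
import threading
from datetime import datetime, timezone

MAX_BYTES = 16  # assumed cap for "let only a few bytes in"


def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def serve(srv, alarms, max_conns, max_bytes=MAX_BYTES, timeout=2.0):
    """Accept max_conns connections, record one alarm for each, then close."""
    local_port = srv.getsockname()[1]
    for _ in range(max_conns):
        conn, (peer_ip, peer_port) = srv.accept()
        with conn:
            conn.settimeout(timeout)  # a silent scanner must not stall the loop
            try:
                data = conn.recv(max_bytes)  # read at most the cap, then drop
            except socket.timeout:
                data = b""
        alarms.append({"time": datetime.now(timezone.utc).isoformat(),
                       "peer": f"{peer_ip}:{peer_port}", "local_port": local_port,
                       "first_bytes": data})
    srv.close()


def demo():
    """Probe the listener over loopback with constructed sample traffic."""
    alarms = []
    srv = open_listener()
    port = srv.getsockname()[1]
    worker = threading.Thread(target=serve, args=(srv, alarms, 2))
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")  # constructed probe, 18 bytes
    with socket.create_connection(("127.0.0.1", port)):
        pass  # bare connect, as a port scanner would do
    worker.join()
    return port, alarms


if __name__ == "__main__":
    for alarm in demo()[1]:
        print(alarm)
```

Each alarm records the peer address and only the first bytes received, so a bare connect shows up with empty `first_bytes` while an HTTP request shows its truncated request line.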
