A computer at IP Address 216.40.247.45 has attempted an unsolicited connection to TCP port *REMOVED* on your computer.
TCP port *REMOVED* is commonly used by the "J-LAN-P" service or program. <font size="2" face="sans-serif, arial, verdana">*REMOVED* by me for purpose of this post.

I would say, that somebody has access to your computer........ But hey...... what do I know about computers http://forum.shrapnelgames.com/images/icons/icon9.gif

This ticks me off, I cannot leave to do a GD thing without someone accessing my COMPUTER!. Take today for instance, I am gone doing RL BS CRAP, and I come home to find my Firewall Freaking out. I HATE hackers!

I'd say that someone TRIED to access your computer but failed miserably and I wouldn't worry about it.

It happens all the time and your firewall seems to be doing what it's supposed to do.
So save the worries for all the other stuff that needs worrying. http://forum.shrapnelgames.com/images/icons/icon6.gif

[ August 02, 2004, 23:07: Message edited by: Ruatha ]

It's an old port scanner. Here are the specifics.


Name: Phineas Phucker
Aliases: Orifice.srv.b,
Ports: 2801
Files: Pphucker.zip - 408,280 bytes Phineas.com - 93,250 bytes Phucker.exe - 352,768 bytes
Created: Dec 1998
Requires: N/A
Actions: Remote Access
Versions: N/A
Registers: HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunS ervices
Notes: Works on Windows.
Country: N/A
Program: N/A


You all need to start using firewalls, and then close everything that does not have to be open. Software firewalls are better than nothing, but not much.

I rarely use my hardware firewall, right now it stands in the closet, the software firewall has kept me safe for over a year now. I'm quite satisfied with it.

Broadband constant connection since 1998 and never had any intrusion, trojan or virus.
(I've had the "Form A" virus, but that was 1994 I think and it came on a floppy, and it was pretty harmless.)

[ August 02, 2004, 23:39: Message edited by: Ruatha ]

I usually just ignore Messages like that from my Firewall. The only time your eyebrows should be going up is if you get several Messages in a row involving the same outside IP, or, if looking through your Firewall log (which is good to do every now and then) you see a pattern of attempts by the same IP at the same time of day every day. Stuff like that usually means someone (or some software) is persistantly trying to get into your System. When that occurs, do a search of what ISP that IP comes from, and send that ISP an e-mail detailing what's happening.

I had someone from Pairs port scanning my System repeatedly for 2 or 3 hours strait on a couple of different days, so I tracked down the ISP and sent them an e-mail. I got a quick response back, but unfortunately the ISP apparently didn't have anyone there that could read english, so I didn't get much futher with them. But the port scanning stopped shortly after http://forum.shrapnelgames.com/images/icons/icon12.gif

If your firewall is 'popping up' Messages like a pop-up whenever an intrusion is detected, you can disable the pop-ops. Norton does that unless you disable it (which I did).

All machines on the net will get probed. Some are automatic scripts, some are installed programs (trojans/viruses) from someone elses machine and they might not know its doing it, some might be accidental.

If a random roaming probe finds something "interesting" then you might get a return visit which continually tries different things and different ports. Thats something worth reporting.

Alot of what I do is forensics of systems that are broken into. Anymore its getting hard to find any to work on. Even honeypots dont work anymore.

Its the aliens. Really, I'm sure of it.

http://forum.shrapnelgames.com/images/icons/icon7.gif

That is because you are one of them!

*masses armada to destroy looming Insatian fleet*

bwhahahaahah
indeed, fear my robotic kitten armies!

think about how awesome an army of robotic kittens would be...

Soldier 1: "Ah, they're soooo cute!"
Robokitten: "mew mew mew"
Soldier 2: "Awwww...."
Soldier 1: "... what the? OH GOD its clawing my face off!!"
Soldier 2: "They're so cute yet so diabolical!"

[ August 03, 2004, 02:35: Message edited by: Instar ]

I am just a PB ya know. http://forum.shrapnelgames.com/images/icons/icon10.gif

Ok, so I open my email just now and OH BOY I have a message from MICROSOFT, along with an attachment. (Virus Detector goes off)

http://forum.shrapnelgames.com/images/icons/icon10.gif I actually LOL at this.

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Email phishing... there has to be some way to authenticate emails (http://www.sigaba.com) ...

Originally posted by Instar:
Email phishing... there has to be some way to authenticate emails (http://www.sigaba.com) ... <font size="2" face="sans-serif, arial, verdana">There is, Cisco is about to make it happen at the router level.

Not heard it called phishing before..ussually called spoofing. And you -can- tell its being done, if you look at all the headers carefully.

Of more concern is an email I got from "Citibank" asking me to change my PIN. The link said http://citibank.blahblahblah, but actually lead to a site with no DNS entry- if you looked in the status bar. If you didn't, and clicked on the link you got an exact copy of the Citi website. Even the first part of the domain name was right- but if you read farther the spoofing was there.

Of course, I'm not a Citibank customer..so I KNEW something was fishy. Wonder how many people will fall for that.

ISTM,
Spoofing would be pretending to be the authority.
Phishing would be trying to steal the info.

Originally posted by Atrocities:
Ok, so I open my email just now and OH BOY I have a message from MICROSOFT, along with an attachment. (Virus Detector goes off)

http://forum.shrapnelgames.com/images/icons/icon10.gif I actually LOL at this.

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected! <font size="2" face="sans-serif, arial, verdana">Unless you go to Microsoft's Web Site and sign up to recieve notices, you'll never get a message from Microsoft (outside of Hotmail related garbage).

When Microsoft wants to get a hold of you, they use Lawyers, not e-mails.

http://forum.shrapnelgames.com/images/icons/icon12.gif

Thank god 'Call for Help' is comming back to TechTV Canada. When you needed info from the computer world, there was no better source of help & information.

Originally posted by Phoenix-D:
Not heard it called phishing before..ussually called spoofing. And you -can- tell its being done, if you look at all the headers carefully.

Of more concern is an email I got from "Citibank" asking me to change my PIN. The link said http://citibank.blahblahblah, but actually lead to a site with no DNS entry- if you looked in the status bar. If you didn't, and clicked on the link you got an exact copy of the Citi website. Even the first part of the domain name was right- but if you read farther the spoofing was there.

Of course, I'm not a Citibank customer..so I KNEW something was fishy. Wonder how many people will fall for that. <font size="2" face="sans-serif, arial, verdana">Far toooooo many. I almost did late one morning. I was in the process when Pooh Star came in to say good night. I "woke up" and realized what I was doing.

I called Citibank. They gave me an address to forward it to.

Originally posted by Katchoo:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Atrocities:
Ok, so I open my email just now and OH BOY I have a message from MICROSOFT, along with an attachment. (Virus Detector goes off)

http://forum.shrapnelgames.com/images/icons/icon10.gif I actually LOL at this.

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected! <font size="2" face="sans-serif, arial, verdana">Unless you go to Microsoft's Web Site and sign up to recieve notices, you'll never get a message from Microsoft (outside of Hotmail related garbage).

When Microsoft wants to get a hold of you, they use Lawyers, not e-mails.

http://forum.shrapnelgames.com/images/icons/icon12.gif

Thank god 'Call for Help' is comming back to TechTV Canada. When you needed info from the computer world, there was no better source of help & information. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">$.02 Also, Microsoft NEVER distributes software via email. /$.02

I got one from support@community.net which is the main email address I use. It was telling me that they had seen a large number of emails coming from my machine, and they feared I was trojaned. They provided a nice file and instructions on how to run it to clear things up. As an ISP systems admin, I knew better than to ever do anything like that but I worried that others might fall for it.

In my case the use of support@ my ISP was pretty funny since community.net died years ago and has no support section.

I like the spam with random words or gibberish, like this Originally sent by tehdrbcumvig@usa.com
Fbkqya aabhlwtsd yeuvq gzjxwn Tfdlcedxd nydzlular. xanro Rtubch fezaz
Hpllgdfbex Afrbesdbxc Pikbeab atoxkxfe uripyey fqrob.
sgxehbcwi bbsvlb jfuasxxr hqubqrw jszjtykel dnmgvvo qffjr ztdynn
Weoiwwso vlujlmgd mhoxfplyv Setmldgaw intvyodn Pjngmdd Huzsnuzihs ocinmvr favdmtj
ymsdw Youqlnqx rkieax nimnoyii Hidbivsko neavkt bsfhfjv Qnpcphnen zsybxnn,
jqqwtgmep Ebarmuim tqjjnpta gojszvu zhglwox. ocjqnw pbvwao
Qraapnuv Lmyzkg xrjkozcso sswugs ozzfycf ilbemlti osxwgnihv fxqeb, twpxw<font size="2" face="sans-serif, arial, verdana">The ones with random words that are acutally properly arranged (as nouns, verbs, pronouns and whatnot should be) and conjugated but make no sense are good too. I don't have one around right now, but I may edit one into this post later.

Can anyone tell me why text like this is included in an advertizement? It doesn't keep Hotmail from filtering it out as spam, so I'm wondering what it's supposed to be doing for the advertiser.

The point of those is twofold. Some of them have real HTML Messages that are supposed to be seen instead of the gibberish. That is supposed to defeat spam filters.

The others are designed to confuse adaptive spam filters. The idea is if you mark enough of them as junk it'll think ALL your mail is junk and you'll stop using it.