TransScout Trojan Horse?

[chris8852]

On Norton Personal Firewall 2003 I get attacked by dozens, if not hundreds, of different IPs by the 'TransScout Trojan Horse'... I get attacked every second, literally, and I think it's using a consistent amount of my system resources (It reports over 500,000 recent intrusion attempts). I'm wondering if there is a way I can turn the reporting off without turning blocking off, or if it is a major threat if I do turn it off, or some other fix.. It's quite annoying.

P.S. I'm on a cable modem (Dynamic IP that never changes... What's the point?)

[nochay]

Quote:

Originally posted by chris8852
On Norton Personal Firewall 2003 I get attacked by dozens, if not hundreds, of different IPs by the 'TransScout Trojan Horse'... I get attacked every second, literally, and I think it's using a consistent amount of my system resources (It reports over 500,000 recent intrusion attempts). I'm wondering if there is a way I can turn the reporting off without turning blocking off, or if it is a major threat if I do turn it off, or some other fix.. It's quite annoying.

P.S. I'm on a cable modem (Dynamic IP that never changes... What's the point?)

then you must have a static ip address. unplug yourself from the net, then reconnect. does it change then? If not, then it is static. Are you keeping up to date on all your security patches? Do the ip addresses change? try blocking the ip addresses.

Dane

[doddsy]

these may not actually be attacks, i got loads of warnings about sub 7 trojans with nis 2003. you can stop the alertes from appearing without affecting your security.

open norton firewall
and click configure (my firewall is part of NIS 2003 so the route to configure might be slightlydifferent)


click the advanced tab

click trojan horse rules

find transcout in the list and hightlight it (don't uncheck the box)

now with transcout highlighted click the modify button

now click the tracking tab

and uncheck the two "notify me" boxes

then click ok-ok-ok.............no more alerts.....security unaffected...

doddsy

[chris8852]

Thanks!
Question though... If they are not attacks... What are they?

[doddsy]

i read somewhere............can't remember where ............that lots of attack alerts of the same kind may actually be legitimate traffic, even your own isp, but using the port at which that particular attack is expected...............this may or may not be fact.........but lots of alerts is a nuisance.............so disabling the alerts while maintaing security seemed to be a good course of action.

i take it this has worked for you.

welcome to techimo!

[butch81385]

i ran into the same problem on my university connection. apparently the university would check to see if we were online (they monitored our bandwidth) and when they checked NIS thought it was a sub7

[nochay]

Quote:

Originally posted by doddsy
i read somewhere............can't remember where ............that lots of attack alerts of the same kind may actually be legitimate traffic, even your own isp, but using the port at which that particular attack is expected...............this may or may not be fact.........but lots of alerts is a nuisance.............so disabling the alerts while maintaing security seemed to be a good course of action.

i take it this has worked for you.

welcome to techimo!

yes, that is true. alot of trojans use common ports, like port 80,21, & so on. We know these are web server and ftp server ports, so NIS would go crazy with these!