I've had black ice defender for awhile now and have noticed a significant increase in the amount of Sub Seven Port Probes.

What gives?
What is actually going on when this attack takes place?

Thank You
Jon

This means that there is a lil wannabe "Cracker" out there that wants to see who is running the server (trojan).
If it looks like you are being specificaly targeted (same IP doing the probe all the time) then look out for a friend / contact that may have tried to patch you.
(Also try to see if you are running the trojan)
If it originates from different IPs all the time, then don't worry too much....
You caught the probe and did not allow it.
Firewall did it's job.
If you really want to be an ass, trace the IP back to the originator and then complain to their ISP. (NOTE) It is possible that the person (IP) that probed you is NOT the person that is initiating the probe.

So be careful, you could be reporting a totally innocent 65 year old woman of hacking.

If you do decide to report it. Note the time of the probe, the IP and any other info that might help.

Do not retaliate to these probes.
Your ISP will see that you are running these programs and they can shut down your account.

Personally, I don't think it's being an ass to report abusers of the service to the ISP. (shrug) There's really no better way to shut the kiddies down than having their ISP slap their wrist.

If they're sophisticated enough to spoof IPs and they're trying to intrude other systems without permission, then the ISP will notice this and A) take steps to keep it from happening through their systems (routers) again, and B) start a more serious investigation.

There is no "right" to attempt to break into other peoples systems. The mere concept is completely juvenile.

Regards,
-Bouncer-



------------------
"Yeah Baby, YEAH!!!"

Maybe I phrased that poorly Bouncer.

All I menat to say is that I have had several probes and have traced back and emailed the offender (telling them that I am going to report them) just to find out that they are not the person doing the probe.
I have cleaned several trojans from peoples computers after they have been "probing" me.
(With their permission)
Most people don't have a clue that they are patched and since the connection is always on, they are perfect through points for the kiddies.

Most of the trojans have built in packet forwarding. You don't have to be a genius to "spoof" and IP through an infected user.
Usually an email to the person directly solves the problem. If not, then I take it up with their ISP.

I do not tolerate this type of action either.
Just making a statement that not all IPs that initiate a probe are the offender themselves.

Peace
FunK