subseven hacker caught by firewall!!! [Archive] - SpeedGuide.net Broadband Community


Brian3012
05-28-01, 04:13 PM
Hey check this out, some ******* tried to hack me

2001/05/28 4:02:41 PM GMT -0400: 3Com EtherLink PC..[0001][No matching rule] Blocking incoming TCP: src=207.179.175.212, dst=xxx.xxx.xxx, sport=1513, dport=27374.
2001/05/28 4:02:44 PM GMT -0400: 3Com EtherLink PC..[0001][No matching rule] Blocking incoming TCP: src=207.179.175.212, dst=xxx.xxx.xxx, sport=1513, dport=27374.

Can he hack me even if I don't have the sub7 virus on my PC?
Any suggestions on what to do?

EvilAngel
05-28-01, 04:15 PM
I kept getting critical warnings stating that my filter was penetrated (BID) so I updated my firewall and haven't got the error since.

ghost
05-28-01, 04:19 PM
Can he hack you? Not unless he's totally committed to getting in and brilliant. In other words, not likely.

Just ignore it. He was probably stabbing in the dark.

Brian3012
05-28-01, 04:24 PM
so he still can hack me, right?
using the subseven program
all he needs is the open port, right?
I thought u have to run the virus in order to use the sub7 program

LinkLogger
05-29-01, 12:11 AM
SubSeven is not really a hack, it's a RAT (Remote Access Trojan). What this person is doing is trolling for infected machines, i.e. where the SubSeven Server is already installed. SubSeven requires you to install the server (you usually don't know that you have installed it, hence the trojan name), usually by having you run a newsgroup or email attachment, or if you leave open fileshares it can be installed that way as well. So even if your 27374 port was wide open, it still doesn't mean anything unless you're running the SubSeven Server, which responds to promptings from the SubSeven client application, which is what this guy is doing. Note that SubSeven is a very powerful RAT.

Blake



Originally posted by Brian3012
so he still can hack me, right?
using the subseven program
all he needs is the open port, right?
I thought u have to run the virus in order to use the sub7 program

Bad_Boy_Aus
05-29-01, 12:57 AM
Man, no disrespect, but I don't think you have a clue what ya goin on about bro~!...lol...Sub Seven is a trojan program man...you won't pick up that you got a trojan through a firewall man... you need a trojan cleaner like (Trojan Uproot) or (The Cleaner)...man you can get those programs from www.cnet.com ..
People can send you trojans through file transfers or email attachments. YES a trojan does open up a port ~!..I got a trojan security program running on my computer at the moment, it monitors over 50 well known trojan ports man, for example Sub Seven opens ports 1245 or 12456...
Trojans are a nasty thing man .... so just be suspicious and watch out who you receive files from....;)

FunK
05-29-01, 02:27 AM
MAN

blebs
05-29-01, 09:58 AM
Yeah, what Norm said!:rotfl:

C.M. Weaver
05-29-01, 08:22 PM
Remember that trojans typically operate in a client/server configuration. If there is no client or server to connect to on the specific port the trojan operates from there is little to nothing the hacker can do to your system.

fredra
05-29-01, 09:06 PM
:rotfl: ...HEHEHEHEHEHEHE!!!!

drdoug99
05-31-01, 08:34 AM
where does it show he's a sub7 hacker?? anyway, good thing you're protected, so you don't have to worry.

blebs
05-31-01, 08:47 AM
I average 2 hits like that a day, during the Mon-Thur period and 5 or more from Fri thru Sun period. It's not that uncommon and unless you see something outgoing that shouldn't be, I wouldn't worry about it!:rolleyes:

FunK
05-31-01, 09:37 AM
Originally posted by drdoug99
where does it show he's a sub7 hacker?? anyway, good thing you're protected, so you don't have to worry.

If you look at his log, it shows that the connection attempt was on port 27374. That is the default port for Sub7 (a few versions).
That's why it's important to know what ports the attempts are on.
Obviously the person making the attempt is just scanning for clients. Most people that use Sub7 will assign a different port so that the red flag doesn't go up even if a firewall is in place. They won't be able to connect, but the firewall also will not show the connection on a "known" Sub7 port.

FunK
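
As an added illustration of the point above about reading the destination port (this is not code from any poster in this thread): the Python below parses log lines in the format Brian3012 posted, flags blocked connections to known trojan ports, and treats repeated packets from the same source port as retransmissions of a single attempt, which is why his two lines three seconds apart count as one probe. The 30-second retry window, the extra ports 1243 and 12345, and every sample line after the first two are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# 27374 is the SubSeven default named in the thread; 1243 (older SubSeven
# default) and 12345 (NetBus) are added here from general knowledge.
WATCHED_TCP_PORTS = {27374: "SubSeven", 1243: "SubSeven (older)", 12345: "NetBus"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d{1,2}:\d\d:\d\d [AP]M) GMT [+-]\d{4}: .*?"
    r"Blocking incoming (?P<proto>\w+): src=(?P<src>[^,]+), dst=[^,]+, "
    r"sport=(?P<sport>\d+), dport=(?P<dport>\d+)\.?$")

def parse(line):
    """Return (time, proto, src, sport, dport), or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y/%m/%d %I:%M:%S %p")
    return ts, m["proto"], m["src"], int(m["sport"]), int(m["dport"])

def summarize(lines, retry_window=timedelta(seconds=30)):
    """Map (src, dport) -> (connection attempts, blocked packets)."""
    last_seen = {}  # (src, sport, dport) -> time of the last packet seen
    stats = defaultdict(lambda: [0, 0])
    for ts, proto, src, sport, dport in sorted(filter(None, map(parse, lines))):
        if proto != "TCP" or dport not in WATCHED_TCP_PORTS:
            continue
        flow = (src, sport, dport)
        # The same source port again inside the window is a SYN retransmission
        # of one attempt; a new source port is a new connection attempt.
        if flow not in last_seen or ts - last_seen[flow] > retry_window:
            stats[(src, dport)][0] += 1
        stats[(src, dport)][1] += 1
        last_seen[flow] = ts
    return {key: tuple(val) for key, val in stats.items()}

def sample_line(ts, src, sport, dport):
    return (f"{ts} GMT -0400: 3Com EtherLink PC..[0001][No matching rule] "
            f"Blocking incoming TCP: src={src}, dst=xxx.xxx.xxx, sport={sport}, dport={dport}.")

SAMPLE = [  # first two entries are the posted log lines; the rest are constructed
    sample_line("2001/05/28 4:02:41 PM", "207.179.175.212", 1513, 27374),
    sample_line("2001/05/28 4:02:44 PM", "207.179.175.212", 1513, 27374),
    sample_line("2001/05/28 6:15:02 PM", "192.0.2.44", 2201, 27374),
    sample_line("2001/05/28 6:15:02 PM", "192.0.2.44", 2202, 12345),
    sample_line("2001/05/28 6:20:10 PM", "192.0.2.44", 2310, 27374),
    sample_line("2001/05/28 6:21:00 PM", "198.51.100.7", 4000, 80),
]

if __name__ == "__main__":
    for (src, dport), (attempts, packets) in summarize(SAMPLE).items():
        print(f"{src} -> {dport} ({WATCHED_TCP_PORTS[dport]}): {attempts} attempt(s), {packets} packet(s)")
```
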

Paft
06-01-01, 05:42 AM
Oh, he can get in. (Note: I haven't read all the posts)

1.) Find your IP address (done)
2.) Find out if you are on a home/business network
3.) Find out if your firewall is allowing said networks to have access to your computer

4a.) If not- (s)he's screwed.
4b.) If so, then the hacker masks their IP address to a number in your subnet OR (s)he could try to modem bounce, but that's unlikely.

5.) If that isn't successful, They might run a Port Scanner on you every once in a while, just to see if you lower your firewall.

To read about this, go to www.hackers.com and download the .txt file "Digital Voodoo 3"

jeremyboycool
06-01-01, 05:54 AM
Originally posted by Brian3012
Hey check this out, some ******* tried to hack me

2001/05/28 4:02:41 PM GMT -0400: 3Com EtherLink PC..[0001][No matching rule] Blocking incoming TCP: src=207.179.175.212, dst=xxx.xxx.xxx, sport=1513, dport=27374.
2001/05/28 4:02:44 PM GMT -0400: 3Com EtherLink PC..[0001][No matching rule] Blocking incoming TCP: src=207.179.175.212, dst=xxx.xxx.xxx, sport=1513, dport=27374.

Can he hack me even if I don't have the sub7 virus in my pc?
Any suggest what to do?


Hey dude, check this thread out. Read the link brent posted; it's long,
but way cool. This guy tells you about sub7 or whatever it is and his test with firewalls on it ;) Great post man, I really suggest you read the whole thing :)
http://forums.speedguide.net/showthread.php?s=&threadid=32896

FunK
06-01-01, 11:19 AM
That story by Steve was AMAZING.
That was one of the best security editorials I have read in a long time.
Thanks for the re-direct to that link. I didn't care too much about XP, so I never visited that thread until now.