ISP using Default Block Backdoor/SubSeven Trojan

  Richard Hillman 01:46 16 Jun 03


A few weeks ago I received a high risk security alert off Norton Internet Security 2003 saying that "a computer with the IP address attempted to connect to your computer using Default Block Backdoor/SubSeven Trojan horse".

I checked up on the details and domain of the address and the name given to me was that of my internet service provider. Norton reccomended that I contact the company which I did but received no reply.

I've now just received a new security alert, again concerning the same company which is why I thought it was best I put this forward to you lot.

Does anybody know what's going on here and whether it's all legit?


  rabadubdub 02:54 16 Jun 03

were the ISP? I think we should be told. It seems their own security isn't that hot. I may have my own suspicions, but I would never suggest the name of a cable company as likely candidate as that would be wrong.

  Xevious 09:27 16 Jun 03

hmmmmm, i get the same message regularly, i read somewhere that norton has this as a bug (aka feature) in their software?
rabadubdub, you also using NIS2003?
yes, i also use a certain cable company...

  Gaz 25 10:57 16 Jun 03

I wouldnt worry anyway, firewall blocked it.

  Xevious 13:24 21 Jun 03

yeah, but what does manage to get through that we don't know about...???

  muppetmark 14:00 21 Jun 03

Blueyonder regularly scan for abuse, unprotected servers etc, perhaps this is what Norton is picking up. And yes it is legit

  Xevious 15:51 21 Jun 03

hence the frequent TCP alerts?

also keep getting NIMDA_PROPOGATION alert, always one of these 3 warnings... is the nimda one anything to worry about?

  muppetmark 16:41 21 Jun 03

The TCP alerts most likely are just checks for unprotected server, before I had a router I would have 6/7 scans daily reported by Sygate all from the same IP, = BY.

Cannot offer any assistance with NIMDA, tho there is a NIMDA virus.

  VoG® 16:45 21 Jun 03

click here

I wouldn't worry about these alerts, ore where they (appear) to originate from. Your firewall is protecting your 'puter so relax.

If you want to test your firewall click here

  Despicable Desperado 23:30 21 Jun 03

There are a whole heap of comments/complaints re NIS2003. Why not uninstall the firewall portion and install Sygate (which is a free downlaod courtesy of PCA) and see if things change.

  Richard Hillman 23:01 24 Jun 03

Thanks all for your help. I'm sure everything's OK, it's just reassuring to hear other people's opinions when you're not 100% up on the technology. Much appreciated.

This thread is now locked and can not be replied to.

Surface Pro (2017) vs Surface Pro 4

20 groundbreaking 3D animation techniques

How to mine Bitcoin on Mac