Hacker Bypassing Norton Internet Security

M3Blitz

Beta member
Messages
3
I have Norton IS, but I keep getting outside intrusions into my PC from this one source.

I first noticed this 3 days ago in Norton IS, under detailed statistics and am having trouble keeping this person from entering my computer. I keep seeing remote access from a URL.

The problem is that Norton allows this person in. Can I adjust the Firewall to keep this person out??? NAV full system scans come up with nothing.
 
I'm not sure blocking a website wi help, but perhaps complaining will... (see below)

what exatly is happeneing?
is someone on the machine that is a web server hacking you, or is there a program on your machine posting data to a webserver?

Code:
Non-authoritative answer:
Name:    [url]http://almostjdi.9p.org.uk[/url]
Address:  212.15.85.20

[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See [url]http://www.ripe.net/db/copyright.html[/url]

inetnum:      212.15.85.0 - 212.15.85.255
netname:      CSIUK
descr:        UK Internet Provider
descr:        Please address AUP complaints to [email]sales@portland.co.uk[/email]
descr:        or phone[b] +44 (0)870 1995 108.[/b]
descr:        Complaints are dealt with in line with
descr:        Portland Communications AUP immediately.
country:      GB
admin-c:      GS213-RIPE
tech-c:       GS213-RIPE
status:       ASSIGNED PA
notify:       [email]peering@csi.net.uk[/email]
mnt-by:       CSI-NOC
changed:      [email]reachus@nslnet.net[/email] 20041030
source:       RIPE

route:        212.15.64.0/19
descr:        CSI Telehouse Network
descr:        Please address abuse complaints to [email]abuse@csi.net.uk[/email]
descr:        Where they will be dealt with in line with our AUP.
descr:        Abuse complaints to any other address will be ignore.
origin:       AS8871
mnt-by:       CSI-NOC
changed:      [email]peering@csi.net.uk[/email] 20001119
source:       RIPE

person:       Gary Shine
address:      Netlink Solutions Limited.
address:      1661 Spring House Trail
address:      Virginia Beach
address:      Virginia 23455 U.S.A
phone:        +1 757 460 3555
fax-no:       +1 757 460 7759
nic-hdl:      GS213-RIPE
e-mail:       [email]reachus@nslnet.net[/email]
notify:       [email]reachus@nslnet.net[/email]
mnt-by:       CSI-Noc
changed:      [email]reachus@nslnet.net[/email] 20011021
source:       RIPE
 
unplug the comp from the modem. make a backup. reformat. and then replace things. and change your IP and port.
 
I think the server was making it's way into my system. The log shows a lot of back and forth data being transferred. Thanks for your help. I found the culprit, my lazy @$$ never got around to downloading SP2 and there was a javascript module attached my own Xanga site. (yikes). It mustve worked like some kind of tracer and made it's way through the IE port while i was surfing. I deleted the module and I'll keep my eye out if I see that site again.
 
You can always do a WHOIS lookup with www.ripe.net.. they have a big database. But if it helps you (like it does for me =)) use Visual Route to see just exatly they are located ;-)
 
I use visual route, and I have jwhois installed on my machines that queries loads of ripe type databases (there are different authorities for each country)
 
Back
Top Bottom