Bluzeman
Backdoor sub/7 is a virus that allows a remote user to take over control of your computer.
That's the short answer!
What you are experiencing with your firewall are users scanning your IP for the sub7 virus. If you HAD the virus, and no firewall blocking the person scanning you, they could "own" you...meaning they had successfully taken over your computer.
As long as the firewall is blocking the attack, then you're OK.
Rick
krys
Thanks Rick!
Mister P-Mosh
I'm surprised that it still exists. I tested those programs out years ago. BackOrifice, for example, has to be nearly seven years old (maybe not quite that old, maybe it's only five.)
I wrote a little program once to play a .wav file of a doorbell ringing whenever someone hit port 12345 or 31337 (where BO and Sub7 usually get you) but had to turn it off because it went off too much at random times.
It's definitely a random scan most of the time though. I remember programs that would take a range of IP addresses (e.g. 192.168.1.1 to 192.168.1.255) and scan all of them, just to see if it was installed. That's what this probably is more than anything.
Another annoying thing was all the Microsoft IIS web server worms. When I was running my own web site back then, over 2/3 of all the hits I got were from those stupid things. I would watch my server logs and they would just scroll by while thousands upon thousands of hits went by looking for IIS exploits.
I was running Apache webserver on Linux though, so that made it even more pointless.
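An added example, not part of the thread and not the poster's program: a minimal tripwire listener for the two ports named in the post above, with a per-source cooldown so that a sweep does not trigger an alert on every probe. It prints a line instead of playing a sound; the class name, the 60-second cooldown and the output format are assumptions.

```python
import selectors
import socket
import time

TRIPWIRE_PORTS = (12345, 31337)  # ports named in the post; all else is assumed

class Tripwire:
    """Accept-and-drop listener with a per-source alert cooldown."""
    def __init__(self, ports, host="0.0.0.0", cooldown=60.0, clock=time.monotonic):
        self.cooldown, self.clock = cooldown, clock
        self.last_alert = {}  # source IP -> time of its last alert
        self.suppressed = 0   # knocks swallowed by the cooldown
        self.sel = selectors.DefaultSelector()
        for port in ports:
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            srv.bind((host, port))
            srv.listen(16)
            srv.setblocking(False)
            self.sel.register(srv, selectors.EVENT_READ)

    def knock(self, src):
        """Record one connection attempt; True if it should raise an alert."""
        now = self.clock()
        last = self.last_alert.get(src)
        if last is not None and now - last < self.cooldown:
            self.suppressed += 1
            return False
        self.last_alert[src] = now
        return True

    def poll(self, timeout=1.0):
        """Accept pending connections; return [(source IP, local port)] to alert on."""
        alerts = []
        for key, _ in self.sel.select(timeout):
            try:
                conn, (src, _sport) = key.fileobj.accept()
            except OSError:  # peer vanished between select() and accept()
                continue
            conn.close()  # never read from or answer the peer
            if self.knock(src):
                alerts.append((src, key.fileobj.getsockname()[1]))
        return alerts

if __name__ == "__main__":
    tripwire = Tripwire(TRIPWIRE_PORTS)
    while True:
        for src, port in tripwire.poll():
            print(time.strftime("%H:%M:%S"), f"knock on port {port} from {src}")
```

Because the listener completes the TCP handshake, a scanner sees these ports as open; if a firewall in front of the machine drops the traffic first, the tripwire never fires.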
Bluzeman
Backdoor sub/7 actually seems to be on a revival of sorts. I used to have all ports open to my server and used a software firewall to protect it. I would get attempted attacks daily, numerous times. Then I set up port forwarding on my router and they can't get past first base anymore!
Probably kids that are just studying hacking 101!
Rick
krys
Not so, Rick!
I've run quite a few of the offending IP addresses and they are mostly communication companies.
I wonder if it could be part of a "pre spam" test run!
Bluzeman
Krys, when you say Communication Company, do you mean like an internet service provider?
Mister P-Mosh
Actually, the Windows Messenger SPAM has been going on too. Here is an article about it. I received one once, even though I had my NAT/firewall box on, and ZoneAlarm running on that desktop (turned out I had the PC in the DMZ of the firewall and forgot about it) but was surprised that someone could send it over the internet.
Wonton Soup
Questions...
What is a port and why is it important to keep it closed?
What does a firewall do?
Mister P-Mosh
Well, I'll use an analogy. Let's say that the internet is a neighborhood. Within each neighborhood, you have houses which are the personal computers. In your house, there are many doors, which would be like ports. You may keep the front and back doors locked, but a bad guy might find his way in the garage door.
On the internet, bad guys often test ports to see if there is a computer they can get into. It's just like a burglar that goes door to door and jiggles the handle to see if it is unlocked. He may try an entire neighborhood until he finds an unlocked door. These bad guys on the internet have programs that test a whole "neighborhood" of computers to find one with a port he can connect to.
Depending on what type of firewall you get, it blocks something from getting in. A software firewall on your PC will block the ports on your computer, and not let anything out onto the internet without your permission. Think of it as locking a door both from the inside and outside, and you give permission to who goes in and out.
A hardware firewall is more like a gated fence. It puts up a barrier outside of your house that has to be unlocked. This is usually best if you have a few computers on a network inside your home.
The best solution, in my opinion, is to run both a firewall on the network and one on each computer. It's like having a locked gate on a fence around your house, but you keep all the doors on your house locked too.
Wonton Soup
Thanks P-Mosh!
Finally a simple explanation!
So since I have only one computer a single firewall program would suit my needs.
I've heard Zone Alarm has a freebie program, is this what I am looking for?
Mucho thanks!
WS
Zixar
Wonton: yes, that would work. If you have WinXP, it already has a software firewall that comes with it; all you have to do is activate it.