DirecTV scanning for trojans?


Jacky Frost
August 6th, 2001, 12:45 PM
Norton's Internet Security gave me an alert today in regards to someone scanning for the backdoor/subseven Trojan. Norton blocked it and recorded the following info on the attempt. When I did a lookup on it, I discovered it appears to be DirecTV themselves (complete info below). Anyone else notice this kind of activity? Very interesting.

Date: 8/6/2001 Time: 12:06:26
Rule "Default Block Backdoor/SubSeven Trojan" blocked (XXXXXXXXXXXX,27374). Details:
Inbound TCP connection
Local address,service is (XXXXXXXXXXXX,27374)
Remote address,service is (hh1117092.direcpc.com,3967)
Process name is "N/A"

Host info hh1117092.direcpc.com 2/3000/50/0; 08/06/01 12:19:21

Official name: hh1117092.direcpc.com
IP address: 206.71.117.92

ping 206.71.117.92 packet 2 failed, retcode = 11010 (Timed Out)

The Data in Network Solutions' WHOIS database is provided by Network
Solutions for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Network Solutions does not guarantee its accuracy. By submitting a
WHOIS query, you agree that you will use this Data only for lawful
purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail
(spam); or (2) enable high volume, automated, electronic processes
that apply to Network Solutions (or its systems). Network Solutions
reserves the right to modify these terms at any time. By submitting
this query, you agree to abide by this policy.

Hughes Electronics Corporation
Corporate Legal 200 North Sepulveda Blvd P.O. Box 956 ES, 001 A109
El Segundo, CA 90245
US

Domain Name: DIRECPC.COM

Administrative Contact:
1GP Administration admin@1globalplace.com
1GlobalPlace, Inc.
2629 Manhattan Avenue PMB 292
Hermosa Beach, CA 90254
US
Phone- +1 310 567 6329
Fax- +1 419 710 7661
Technical Contact:
Larry Cox lcox@directv.com
DirecTV, Inc.
200 North Sepulveda Blvd., Bldg. 001, M/S N324
El Segundo, California 90245
US
Phone- (310) 964-1773
Fax-

Record updated on 2001-07-23 21:35:50.
Record created on 1994-06-08.
Record expires on 2002-06-06.
Database last updated on 2001-08-06 05:23:33 EST.

Domain servers in listed order:

NS.CAIS.COM 205.177.10.10
NS.DIRECPC.COM 198.77.116.8
The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than Network Solutions.
Network Solutions, therefore, does not guarantee its accuracy or
completeness.
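
The alert quoted in the post above, turned into structured records and counted per remote host. This is an added example, not part of the original thread or of Norton's software; `parse_alerts` and `summarize` are hypothetical names, and the sample addresses and second alert are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout quoted in the post; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """\
Date: 8/6/2001 Time: 12:06:26
Rule "Default Block Backdoor/SubSeven Trojan" blocked (192.0.2.10,27374). Details:
Inbound TCP connection
Local address,service is (192.0.2.10,27374)
Remote address,service is (host-a.example.net,3967)
Process name is "N/A"

Date: 8/6/2001 Time: 12:09:41
Rule "Default Block Backdoor/SubSeven Trojan" blocked (192.0.2.10,27374). Details:
Inbound TCP connection
Local address,service is (192.0.2.10,27374)
Remote address,service is (host-a.example.net,4012)
Process name is "N/A"
"""

# One alert = six lines; field names below are this example's own.
ALERT = re.compile(
    r'Date: (?P<date>\S+) Time: (?P<time>\S+)\s*\n'
    r'Rule "(?P<rule>[^"]+)" blocked \([^)]*\)\. Details:\s*\n'
    r'(?P<direction>\w+) (?P<proto>\w+) connection\s*\n'
    r'Local address,service is \((?P<local>[^,]+),(?P<lport>\d+)\)\s*\n'
    r'Remote address,service is \((?P<remote>[^,]+),(?P<rport>\d+)\)\s*\n'
    r'Process name is "(?P<process>[^"]*)"')

def parse_alerts(text):
    """Return one dict per alert found in text; ports become ints."""
    records = []
    for m in ALERT.finditer(text):
        rec = m.groupdict()
        rec["lport"], rec["rport"] = int(rec["lport"]), int(rec["rport"])
        records.append(rec)
    return records

def summarize(records):
    """Count blocked inbound attempts per (remote host, local port).

    The local port is the service being probed; the remote port is only
    the prober's source port and changes from one connection to the next.
    """
    return Counter((r["remote"], r["lport"])
                   for r in records if r["direction"] == "Inbound")

if __name__ == "__main__":
    for (host, port), n in summarize(parse_alerts(SAMPLE)).items():
        print(f"{host} -> local port {port}: {n} blocked attempt(s)")
```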

pimp101
August 6th, 2001, 12:51 PM
Prob someone on the direcpc network.

NerdBoy74
August 6th, 2001, 12:55 PM
Oh, boy. Another conspiracist.

It means that a user on the DirecPC network, which is owned by Hughes, is trying to do a portscan to the available SubSeven ports out there. It doesn't mean that he/she is the one that put the virus on your computer, and it doesn't mean that d@ve is doing the looking. User hh1117092 is a customer on the DPC network. The IP address is still owned by DPC (do a lookup on your own IP, if you question this) and is only being "rented" to the user on the other end.
Next thing ya know, I am gonna hear someone on the board say that they actually believe the Code Red worm *was* developed by the Chinese.

Paranoia, when excessive, is quite scary.

Test-Tech
August 6th, 2001, 01:56 PM
A bit jumpy, aren't we?

I guess I can't say I blame you either!

TT

vegas_ss
August 6th, 2001, 04:29 PM
Originally posted by NerdBoy74
Oh, boy. Another conspiracist.

Next thing ya know, I am gonna hear someone on the board say that they actually believe the Code Red worm *was* developed by the Chinese.

Of course everyone knows it was the Ruskies ;)

NerdBoy74
August 6th, 2001, 05:07 PM
I stand corrected. :)

krazie1999lc
August 7th, 2001, 06:31 AM
Ruskies?? Not very many TOWNS in Russia can even afford a PC...

Alaccountant
August 7th, 2001, 06:42 AM
Just the thought of DTV doing this is an interesting idea. They could scan computers for links to Pirate web sites, then, hide the worm type software to seek and destroy the programming files, if not the hidden dos files and disk directory.

All I can say is, anything is possible nowadays, isn't it?

Isn't the name of the game from their standpoint "Play to win"?

Al

BrandonSi
August 7th, 2001, 12:34 PM
except they would be breaking the law...