View Full Version : SubSeven port probe

02-26-00, 05:03 PM
MAC: 00509508061A

* Should I be concerned with this sprobe? advICE says its trying to run a trojan.

I tried to winnuke the dude, but no success.

(?) Is this probe common?

02-26-00, 05:19 PM
This probe is common. Black Ice has detected it a few times in the last couple months on my comp. I don't think there should be too much too worry about, since Black Ice is protecting you. However,hopefully someone else can give you more detail.

02-26-00, 06:00 PM
You don't have to worry about it unless the sub-seven trojon is on your system. It was not an attempt to install it, but an attempt to trigger the trojan sub-seven, which uses the port that was scanned. If you have it & don't run black ice, & get scanned again it would send passswords out etc.


02-29-00, 02:08 PM
You should also expect to see this and several versions of this for sometime to come.

For more info click here. (http://advice.networkice.com/advice/Phauna/RATs/SubSeven/default.htm)


03-11-00, 12:24 PM
'tis true. It does have some very powerful tools, much like what you would find in an NT or Win-too-kay Resource Kit. You have the power to shut a system down with the NTRK. Sub Seven also has some 'fun' utilities you can play with, like opening and closing the CD-ROM, taking over the mouse/keyboard, etc... I've messed around with it before, with a guy. He had the client-side on his system, and I gave him a hard time while we were chatting. Kinda gullible if you ask me, but I never intended to do anything destructive. You can never learn how a program works unless you use it.