I’ve been doing some collaboration w/ a friend of mine and we’ver been using ftp. However, his firewall’s generated two disturbing reports
(the exxes are my addy of course)
#1
Rule “Default Block Ultor’s Trojan horse” stealthed (192.168.1.102,1234). Details:
Inbound TCP connection
Local address,service is (192.168.1.102,1234)
Remote address,service is (xxx.xxx.xxx.xxx,2237)
After this one I went to the router and revoked the DHCP lease of the other computers on the LAN (no one was using them anyway). No problems until the other computers went back into use. Then this warning:
#2
Rule “Default Block TransScout” stealthed (192.168.1.102,2005).
Details:
Inbound TCP connection
Local address,service is (192.168.1.102,2005)
Remote address,service is (xxx.xxx.xxx.xxx,1946)
I’m scanning the last suspect computer on the network now.
Assuming it comes up clean, and because it seems unlikely that there’re two separate trojans on that machine, what kinds of things might trigger a firewall’s false positive such as this?