Port 443 open, connects to untrusted server
QUESTION: Hello! I'm concerned. I just changed everything (ISP, cell provider, phone numbers, new phones, new computer, etc.) because my computer got a Trojan (win32/filcout) that stole all passwords and financial info and put a back door program on my computer that made my computer a zombie slave and controlled everything with a smart card in my house. Now, with all new equipment, etc., when I scan my new network connection with many scanners (iNet Pro, Fling, Scany, several others), it shows port 443 is open and connected to an untrusted server named Daniel located in CA, USA. This is the HTTPS connection. I have my firewall for both my router and computer set to high security. My ISP says not to worry about it and to just ignore it. This seems foolish to me. I have a brand new iMac I am reluctant to connect to the internet. Please, help. Is my connection compromised? What can I do to fix this? Thank you kindly. Lindy
ANSWER: I don't think your connection is compromised, but if I were you, I would configure my firewalls to block all access to the suspicious server. If you're super paranoid, you can configure your firewalls to block all traffic by default and allow only what you specify. This can be a pain, though, as anything you miss will stop working, and there are underlying protocols that would have to be taken into account. The route you have taken to find the suspicious connection should be repeated periodically, and if such connections continue to happen, that would be cause for more concern. In the meantime, simply deny all traffic headed to the server in question from both your PC's firewall and your network firewall (router).
---------- FOLLOW-UP ----------
QUESTION: Thank you Bryan. How do I do that? Contact my ISP? Would they assist me?
ANSWER: No, they're not likely to help you. On a Mac, you can adjust your firewall settings by following the directions on the link HERE. This should work for you... (I don't use a Mac, but it looks promising). Basically, you will need to disable access (I would disable all ports) outbound for the server you find suspicious. Your router is another story. You can most likely log in to it by going to http://192.168.1.1, or whatever your default gateway is in your network configuration. Depending on your router, the login will be different, but some Google searching should turn up results for default password configs on whatever make/model router you have. Once in the web interface of the router, there will be a place where you can make firewall modifications, and you can just block outbound traffic to the server in there as well. I would also disable all incoming traffic for the server you're suspicious of. If you need further assistance, please do not hesitate to ask.