PDA

View Full Version : New Security Threat With Ja Servers


Nalukai
05-13-2005, 01:21 AM
recent edit and to clarify that chicken scratch known as scribble form a fifth of rum...

We recieved word from symantec that said to trouble shoot the possiblity of the backdoor orifice is to add the servers individually to the trusted sites.. since the attacks are on ly on port 29070.

acdcfanbill
05-13-2005, 03:37 AM
i have no idea what your talking about. I checked on ASE and a fair number of JA servers seem to be up. can you explain further?

Nalukai
05-13-2005, 04:47 AM
this has been edited because it is pointing more to a false positive now.

Amidala from Chop Shop
05-13-2005, 11:08 AM
Originally posted by Nalukai
however the recent attacks prevent on efrom going into a game and giving the a block error saying that an dintrusion attempt was either incoming or outboun d at the port of 29070... hich is the main gaming prt ANY q3 engine game uses...

Saying "any" Quake III engine game uses 29070 isn't true. First of all, Jedi Academy uses ports 29070-29081, other games use other ports. Jedi Outcast, for example, uses 28070-28081. . The default port for Jedi Academy is 29070 so of course most of the activity will be on that port.

Second, it seems that all the people reporting this "intrusion" are using Norton Firewall. It's possible that BackOrifice has used port 29070 in the past to attack Windows computers using other programs, and Norton Firewall knows this, and it is warning about all activity on port 29070, even harmless communication between the client program (jamp.exe) and the server.

I don't use Norton Firewall, so I don't know the details about it. Try configuring it to allow jamp.exe but no other program to use that port.

It seems highly unlikely that what you are panicked about has actually happened. It seems more likely to be a problem with all the people using Norton Firewall.

Neverhoodian
05-13-2005, 01:18 PM
Oh s***, I turned off my Norton last night when I was playing Wolfenstein: Enemy Territory, and now I think I may have what you're talking about. I hope this isn't as bad as you say it is. I am now running a search for the program and scanning my computer using both Norton and Ad-aware as we speak, just in case it poses a problem.

razorace
05-14-2005, 03:35 AM
Who is "we"? Got some more official source for this information?

Nalukai
05-14-2005, 04:17 AM
yeah that was mostly the fifth of rum typing the other night... a few of us from bwn network did alot of researching trying to find out info and traces to the game prvoders of this so called intrusn... symantyec responded very rapidly saying it could be very well a false positive when a game you use contains the port acxces of the backdoor orifice 2000 they suggest to add your game to the trusted sites for troubleshooting..

however i thik ima wait for a little bit more info... id still be weary howeever it is beginning to push towards a false positive .