Report FT SLOWNESS on this thread
Dec 27, 2004 | 2:17 pm
#706
Join Date: May 2000
Posts: 473
What worm?
We do not and never have served spyware. Never.
We do not and never have served spyware. Never.
Originally Posted by blackjack-21
Norton just blocked another attempted worm intrusion while I was on FT. This one showed as a Trojan Horse. Strange, but I'm beginning to wonder now if it's just a coincidence. 
bj-21.
bj-21.
Dec 28, 2004 | 9:26 pm
#707
Join Date: Jun 2000
Location: YYZ
Programs: AC, AA, UA, BA, Hilton
Posts: 2,907
Thanks, John, I didn't think that FT had used spyware or anything more then a cookie set to keep us logged in.
The Norton warning just happened again, however, and this time I copied the relevent information from it, as I was once again on FT when it appeared. Since I can't "track" where it came from, maybe you can help with some insight.
Here's the details that I copied:
Security Rule: Default Block NETBUS Trojan Horse
Date: 12/28/04
Time: 10:51 PM (EST)
Path: N/A
File Name: N/A
Direction: Inbound
Local Address: XX.XXX.XX.X (My ISP Address)
Local Port: NETBUS (12345)
Remote Address: 211.41.222.234
Remote Port: 1593
Protocol: TCP
Since I installed the Norton Systemworks 2005 several weeks ago to try to correct a slow running computer, I've only had seven virus/worm warnings appear, and four of these have come while I was on FT. May be coincidences, as I usually am here in the evenings, usually very late, so it may be a time-zone thing from somewhere else in the world.
But it did, really, happen again, as per above.
Thanks for your help.
bj-21.
*****Just happened again!!! Same details as above, except the following:
Time: 11:19 PM (EST)
Remote Address:61.43.226.159
Remote Port: 4482
bj-21.
The Norton warning just happened again, however, and this time I copied the relevent information from it, as I was once again on FT when it appeared. Since I can't "track" where it came from, maybe you can help with some insight.
Here's the details that I copied:
Security Rule: Default Block NETBUS Trojan Horse
Date: 12/28/04
Time: 10:51 PM (EST)
Path: N/A
File Name: N/A
Direction: Inbound
Local Address: XX.XXX.XX.X (My ISP Address)
Local Port: NETBUS (12345)
Remote Address: 211.41.222.234
Remote Port: 1593
Protocol: TCP
Since I installed the Norton Systemworks 2005 several weeks ago to try to correct a slow running computer, I've only had seven virus/worm warnings appear, and four of these have come while I was on FT. May be coincidences, as I usually am here in the evenings, usually very late, so it may be a time-zone thing from somewhere else in the world.
But it did, really, happen again, as per above.
Thanks for your help.
bj-21.
*****Just happened again!!! Same details as above, except the following:
Time: 11:19 PM (EST)
Remote Address:61.43.226.159
Remote Port: 4482
bj-21.
Dec 29, 2004 | 12:16 am
#708
Join Date: Sep 2004
Posts: 422
Based on the info you pasted above, it doesn't look like it is FT.
The warning is telling you that someone is trying to connect to your computer. The NETBUS program works by listening to a specific numbered port (listed above), and people outside your computer can then connect into that port if the program (trojan) is running. However, the firewall software you have installed doesn't even let it get that far - it sees the attempt to access that port, and doesn't let it even check if the trojan is installed on your computer (which it probably isn't).
In the simplest terms, someone was just seeing if you had the trojan infected/installed on your computer. The firewall saw the attempted access, and let you know.
As for the person trying to see if you had the trojan installed, I looked up the registration for the company which owns the IP listed. It's a Cable TV company in Korea, which means one of their customers was probably just scanning an entire range of IP addresses to find computers infected with the trojan, and yours just happened to fall into the range that they scanned. Any other questions, feel free to ask, and I'll see what I can do to answer. FYI, here's the registration info for the attacker IP that was in your info above:
The warning is telling you that someone is trying to connect to your computer. The NETBUS program works by listening to a specific numbered port (listed above), and people outside your computer can then connect into that port if the program (trojan) is running. However, the firewall software you have installed doesn't even let it get that far - it sees the attempt to access that port, and doesn't let it even check if the trojan is installed on your computer (which it probably isn't).
In the simplest terms, someone was just seeing if you had the trojan infected/installed on your computer. The firewall saw the attempted access, and let you know.
As for the person trying to see if you had the trojan installed, I looked up the registration for the company which owns the IP listed. It's a Cable TV company in Korea, which means one of their customers was probably just scanning an entire range of IP addresses to find computers infected with the trojan, and yours just happened to fall into the range that they scanned. Any other questions, feel free to ask, and I'll see what I can do to answer. FYI, here's the registration info for the attacker IP that was in your info above:
Network Name : KNCTV-INFRA
Connect ISP Name : KNCTV
Connect Date : 20011025
Registration Date : 20031020
[ Organization Information ]
Organization ID : ORG130458
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
[ Admin Contact Information]
Name : Yoon Yeo Man
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
Phone : +82-2-2056-7802
Fax : +82-2-512-4207
E-Mail : [email protected]
[ Technical Contact Information ]
Name : Kim Cho Hyun
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
Phone : +82-2-2056-7808
Fax : +82-2-512-4207
E-Mail : [email protected]
Connect ISP Name : KNCTV
Connect Date : 20011025
Registration Date : 20031020
[ Organization Information ]
Organization ID : ORG130458
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
[ Admin Contact Information]
Name : Yoon Yeo Man
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
Phone : +82-2-2056-7802
Fax : +82-2-512-4207
E-Mail : [email protected]
[ Technical Contact Information ]
Name : Kim Cho Hyun
Org Name : KangNam CableTV
State : Seoul
Address : Nonhyun-dong,Kangnam-ku,Seoul,Korea
Zip Code : 135-010
Phone : +82-2-2056-7808
Fax : +82-2-512-4207
E-Mail : [email protected]
Last edited by drtravix; Dec 29, 2004 at 12:20 am
Dec 29, 2004 | 12:25 am
#709
Join Date: Sep 2004
Posts: 422
Also, for the second IP you posted above, it also looks like a Korea-owned IP... see below for registration details. Looks like the second connection attempt is coming from somewhere in DACOM corporation, which has internet access provided by BORANET corporation in Korea. Not much you can do about it... although perhaps you can tell your firewall to silently log the attempted accesses rather than display them each time, if it's annoying to have them pop up.
[ ISP Organization Information ]
Org Name : DACOM Corporation
Service Name : BORANET
Org Address : DACOM Bldg., 65-228 Hangangro 1ga Yongsan-Gu
[ ISP IP Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
Fax : +82-505-888-0706
E-Mail : [email protected]
[ ISP IP Tech Contact Information ]
Name : IP Manager
Phone : +82-2-2089-7755
Fax : +82-505-888-0706
E-mail : [email protected]
Org Name : DACOM Corporation
Service Name : BORANET
Org Address : DACOM Bldg., 65-228 Hangangro 1ga Yongsan-Gu
[ ISP IP Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
Fax : +82-505-888-0706
E-Mail : [email protected]
[ ISP IP Tech Contact Information ]
Name : IP Manager
Phone : +82-2-2089-7755
Fax : +82-505-888-0706
E-mail : [email protected]
Dec 29, 2004 | 9:32 am
#710
Join Date: May 2000
Posts: 473
Seems like lots of attacks that I see, most of them in fact, originate or appear to originate in South Korea. Not sure if they really do come from there or if there are just a large number of compromised computers there that are being used by criminals in other countries to stage other attacks.
Dec 29, 2004 | 8:28 pm
#711
Join Date: Jun 2000
Location: YYZ
Programs: AC, AA, UA, BA, Hilton
Posts: 2,907
Thank You
Thanks, drtravix and John, for tracking the sources for me. At least we know where they originate, and that they are blockable.
Now, if I could only get my slow-running pc to speed up, and stop losing connections...........
Thanks again.
bj-21.
Now, if I could only get my slow-running pc to speed up, and stop losing connections...........
Thanks again.
bj-21.
Dec 29, 2004 | 9:18 pm
#712
FlyerTalk Evangelist
Join Date: Nov 2004
Location: Melbourne
Programs: ►QFWP/LTG►VA WP►HyattDisc.►HiltonGold►ALL Plat.
Posts: 22,328
CPU Flush with running Flash..
Maybe the advertisements mentioned in this thread in this Same Forum have something to do with the slow speed.
It has been mentioned already by one poster here:
My CPU has a thermostatic fan that turns on when it gets warm. In the aircon environment of my office this rarely happens, but recently, every time it has come on, I am in FlyerTalk and have forgotton to set the flash qualities to low @:-)
It has been mentioned already by one poster here:
Originally Posted by ozstamps
No change from here -- still about half normal speed.
Techies - are the current flash banners of unusually large size? That has occured in the past and slowed things down a lot?
Techies - are the current flash banners of unusually large size? That has occured in the past and slowed things down a lot?
Dec 30, 2004 | 12:07 am
#713
Join Date: Jun 2000
Location: YYZ
Programs: AC, AA, UA, BA, Hilton
Posts: 2,907
Tried setting the emotican ad quality to low, as suggested, but each time I go to a new page or thread, it once again had to be reset to low. No way to keep the setting permanently set at low? That might be a help.
bj-21.
bj-21.
Jan 4, 2005 | 4:35 pm
#714
Join Date: Sep 2003
Location: London
Programs: Bonvoy Titanium, IHG Plat Ambassador, Qatar Gold, Etihad Gold, TK Gold, BA Silver, Emirates Silver
Posts: 1,458
Just mentioning that I am still pulling up pretty slow...and I am on a pretty fat pipe.
Jan 4, 2005 | 4:54 pm
#715
Join Date: Jun 2002
Location: BCT. Formerly known as attorney28
Programs: LH LT SEN,BA GGL GfL,Hyatt LT Gl,Mrtt LT P,HH LT D,IHG D-Amb,Acc D,GHA T,LHW A,Sixt/Av/Hz D/Pres
Posts: 6,947
Originally Posted by oontiveros
Just mentioning that I am still pulling up pretty slow...and I am on a pretty fat pipe.
Jan 4, 2005 | 6:10 pm
#716
Founder of FlyerTalk
Join Date: May 1998
Location: Colorado Springs, CO
Posts: 6,540
Today FlyerTalk.com was mentioned again in The Wall Street Journal and I noticed we were operating at record levels of online activity all day long, nearly 2,000 members on every second of the day. Actually the member activity has been extremely high the last few days even before this mention again in the newspaper. Must be members looking for resolutions.....
Jan 4, 2005 | 6:20 pm
#717
In Memoriam
Join Date: Jul 2001
Posts: 35,554
and I thought it was just me. 
Jan 5, 2005 | 8:28 am
#718
Join Date: Sep 2004
Posts: 422
Originally Posted by serfty
Maybe the advertisements mentioned in this thread in this Same Forum have something to do with the slow speed.
It has been mentioned already by one poster here:My CPU has a thermostatic fan that turns on when it gets warm. In the aircon environment of my office this rarely happens, but recently, every time it has come on, I am in FlyerTalk and have forgotton to set the flash qualities to low @:-)
It has been mentioned already by one poster here:My CPU has a thermostatic fan that turns on when it gets warm. In the aircon environment of my office this rarely happens, but recently, every time it has come on, I am in FlyerTalk and have forgotton to set the flash qualities to low @:-)
I disabled Flash, and now it works great. Wish we could get rid of the Flash banners.
For those who want to disable Flash on their computers with Windows XP (SP2 installed), you can select "Manage Add-Ons" from the Tools menu of Internet Explorer, and "disable" Shockwave Macromedia Flash.
Jan 5, 2005 | 2:22 pm
#719
Moderator, Hilton Honors
Join Date: Nov 2003
Location: on a short leash
Programs: some
Posts: 71,445
FT has been real slow for me the last 15 minutes or so.
Jan 5, 2005 | 3:41 pm
#720
Join Date: Jan 2004
Location: IND
Programs: UA Million Miler (Lifetime Gold), Hilton Diamond, Marriott Gold
Posts: 3,531
I logged on again around 4:30 and it took over a minute for the home page to open. Has been slow opening threads too. And I'm on DSL. Have checked some other sites, and they're loading fast so it's FlyerTalk.