two timesin the last two days.....!!

7ticks.com has sent me this Port Scan: NMap Xmas Scan!

What is this?

When my antivirus has found this intruder Ninja has lost the connection with Zen-Fire for 30 minutes (the antivirus time)...I was not able to LOG IN

Is it a spyware?

Please explain

Thanks

Hi Akros,

NinjaTrader does not install any sort of Spyware. Please contact your broker who can get in contact with the appropriate people to determine what this is.

Ray

Proactive is not answering....hhmmm

Just wondering what kind of relationship they have with them

http://www.7ticks.com/Pages/Index.html

Quote from their web site:

7Ticks is a leading provider of technical services and managed hosted solutions for the financial trading marketplace. The Company works closely with small to mid-size trading firms in the area of network design, installation and ongoing management. By partnering with 7Ticks, customers can achieve a new level of network/systems performance, reliability and cost advantage over their competition.

Headquartered in Chicago, Illinois, 7Ticks was established out of the growing need by small brokerage firms, futures commissions merchants (FCM’s) and financial software platform developers for IT integration/technical expertise. The Company has significant knowledge with leading Futures ISV's order execution software platforms such as: Trading Technologies™ (TT), Patsystems™ and Realtime Systems Group™ (RTS).

Send me privately your contact information ray@ninjatrader.com (mailto:ray@ninjatrader.com) and I will have someone follow up with you.

Akros,

Here is an official statement. Somone fromNovus Futures (Division of Dorman) will work with you so you know exactly what is going on. Send me a private message to ray@ninjatrader.com (mailto:ray@ninjatrader.com) and I will put you in touch with them.



When connecting to Zen-Fire, the trader establishes a connection to rz000aa.7ticks.com in order to place orders and receive market data. (This isdone through a process called by NinjaTrader when using File->Connect from theControl Center.) After the connection is established, packets will be transmitted from the rz000aa serverto the computer. If blocked, the trader will be unable to connect to the server and will not be able to trade or receive market data.

NMap is a common process that tries to findavailable ports. If a computer connects directly to the Internet, as opposed to going through a router, it is possible NMap may scan the computer. Normally traders have a router between the computer and the Internet connection. In this case the NMap scan could only check the router for open ports and thetrader would not seean alert. Since spyware commonly uses NMap to look for vulnerable ports, it is possible that the software reporting the 'attack' is misinterpreting it as spyware.

In order to find a way to prevent the false positive alerts from occurring, it is necessary to know exactly what software (and version) is reporting the communication as an attack. Once we know this, we can attempt to recreate it and find a solution.

This will only affect a small number of users. Those that are connecting directly to the Internet are strongly advised to put a router between the modem and the computer. This acts as a firewall and will provide much more security than a software package such as Norton Internet Security.

Akros,

Here is a potential resolution:

Norton Internet Security (NIS)Detects NMap Xmas 'threat' and blocks the user from connecting:

NIS needs to be configured to allow the trading engine to communicate with the computer. This is accomplished by adding the server to the "excluded" list.

Instructions on how to exclude a host (such as rz000aa.7ticks.com) from Auto Blocking:

To exclude specific computers from AutoBlock

In the main Norton InternetSecurity window, double-click Intrusion Detection.
In the Intrusion Detection window, on the AutoBlock tab, click Exclusions.

In the Currently blocked list, select a blocked IP address, and then click Exclude.
Click Add, and then type the computer's name, IP address, network identification, or a range of IP addresses containing the computer that you want to exclude, and then click OK.

When you are done excluding IP addresses, click OK.

In the AutoBlock tab, click OK.