Re: Intrusion Attack
- From: "james" <programmer.james@xxxxxxxxx>
- Date: 15 Apr 2006 10:00:50 -0700
Don Kelloway wrote:
"james" <programmer.james@xxxxxxxxx> wrote in messageHi Don,
news:1145063992.253793.181770@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Don Kelloway wrote:
"james" <programmer.james@xxxxxxxxx> wrote in messageYes we are on LAN so I am connected to one of the workgroup network.
news:1144848371.406986.137090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello All,
I am a regular internet user but since few days my Norton 2005
Antivirus shown me following messege......
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against
your machine was detected and blocked.
Intruder: 10.19.124.206(2801).
Risk Level: High.
Protocol: TCP.
Attacked IP: My PC(10.19.124.185).
Attacked Port: 139
I got nowadays several messeges like this but Intruder IP is different,
so could anybody please tell me how can I permanently block these IPs
and how can I search them they might be from my neighbourhood.
Is there any harm even if Norton Blocks them.....
James,
Because the Intruder IP address reflected in the above messages is an IP
address within your own subnet, you need to verify a few things.
First, how does your PC connect to the Internet? Describing the hardware
involved would be helpful.
Its connected through LAN through LAN card, but I dont have details about
networking hardware
Second, do you have or use a WiFi connection? If so, how is it connected
amongst the hardware involved?
No, I dont use WiFi connection
Third, are you on a network? In other words are there other PC's in
addition to your own?
James,
Then it's not very likely the Source IP (10.19.124.206) represents a system
on the Internet because it is within your LAN you probably have a firewall
(probably unbeknownst to you) which performs Network Address Translation and
is already protecting the LAN (and your PC) from the Internet.
What you are seeing is in all probability another system within the LAN
attempting to connect to your computer for the purpose of establishing a
network share. Such could be used to access a directory on your computer,
to remotely administer your computer, etc. Within a LAN used for business
purposes these could be expected and normal activities. It may be wise to
consult with whoever is responsible for administering the LAN.
In closing the personal firewall on your PC is primarily protecting your
system from other systems within the same LAN. Obviously this can be a wise
thing to do, but in some instances it can create networking difficulties
between other systems and your own, or vice-versa.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".
Thanks for answering me so many times.
Yes Our Network uses DHCP .
In NetBIOS settings DHCP(Default option) is checked so , Should I
choose Disable NetBIOS over TCP/IP .
And while doing so what effects/changes can be seen.
With Regards
James
.
- Follow-Ups:
- Re: Intrusion Attack
- From: Don Kelloway
- Re: Intrusion Attack
- References:
- Intrusion Attack
- From: james
- Re: Intrusion Attack
- From: Don Kelloway
- Re: Intrusion Attack
- From: james
- Re: Intrusion Attack
- From: Don Kelloway
- Intrusion Attack
- Prev by Date: Re: News Release
- Next by Date: Re: News Release
- Previous by thread: Re: Intrusion Attack
- Next by thread: Re: Intrusion Attack
- Index(es):
Relevant Pages
|
Loading
