Re: Intrusion Attack
- From: "Don Kelloway" <usenet@xxxxxxxxxxxx>
- Date: Sun, 16 Apr 2006 02:37:57 GMT
"james" <programmer.james@xxxxxxxxx> wrote in message
news:1145120450.270560.130280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Don Kelloway wrote:
"james" <programmer.james@xxxxxxxxx> wrote in messageHi Don,
news:1145063992.253793.181770@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Don Kelloway wrote:
"james" <programmer.james@xxxxxxxxx> wrote in messageYes we are on LAN so I am connected to one of the workgroup network.
news:1144848371.406986.137090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello All,
I am a regular internet user but since few days my Norton 2005
Antivirus shown me following messege......
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against
your machine was detected and blocked.
Intruder: 10.19.124.206(2801).
Risk Level: High.
Protocol: TCP.
Attacked IP: My PC(10.19.124.185).
Attacked Port: 139
I got nowadays several messeges like this but Intruder IP is
different,
so could anybody please tell me how can I permanently block these
IPs
and how can I search them they might be from my neighbourhood.
Is there any harm even if Norton Blocks them.....
James,
Because the Intruder IP address reflected in the above messages is an
IP
address within your own subnet, you need to verify a few things.
First, how does your PC connect to the Internet? Describing the
hardware
involved would be helpful.
Its connected through LAN through LAN card, but I dont have details
about
networking hardware
Second, do you have or use a WiFi connection? If so, how is it
connected
amongst the hardware involved?
No, I dont use WiFi connection
Third, are you on a network? In other words are there other PC's in
addition to your own?
James,
Then it's not very likely the Source IP (10.19.124.206) represents a
system
on the Internet because it is within your LAN you probably have a
firewall
(probably unbeknownst to you) which performs Network Address Translation
and
is already protecting the LAN (and your PC) from the Internet.
What you are seeing is in all probability another system within the LAN
attempting to connect to your computer for the purpose of establishing a
network share. Such could be used to access a directory on your
computer,
to remotely administer your computer, etc. Within a LAN used for
business
purposes these could be expected and normal activities. It may be wise
to
consult with whoever is responsible for administering the LAN.
In closing the personal firewall on your PC is primarily protecting your
system from other systems within the same LAN. Obviously this can be a
wise
thing to do, but in some instances it can create networking difficulties
between other systems and your own, or vice-versa.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security
on the Internet".
Thanks for answering me so many times.
Yes Our Network uses DHCP .
In NetBIOS settings DHCP(Default option) is checked so , Should I
choose Disable NetBIOS over TCP/IP .
And while doing so what effects/changes can be seen.
With Regards
James
Yes. You can disable NetBIOS over TCP/IP option, but whether you choose to
disable NetBIOS over TCP/IP or leave it enabled, other systems will not be
able to access your system because of your use of a personal firewall. More
important disabling or leaving it enabled will not stop other systems from
attempting to connect to your system. They'll still attempt it and your use
of a personal firewall will still display a warning dialog.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".
.
- References:
- Intrusion Attack
- From: james
- Re: Intrusion Attack
- From: Don Kelloway
- Re: Intrusion Attack
- From: james
- Re: Intrusion Attack
- From: Don Kelloway
- Re: Intrusion Attack
- From: james
- Intrusion Attack
- Prev by Date: Re: News Release
- Next by Date: Re: News Release
- Previous by thread: Re: Intrusion Attack
- Next by thread: News Release
- Index(es):
Relevant Pages
|
Loading
