Re: advice about a worm intrusion alert
- From: "Joel Maslak" <jmasla@xxxxxxxxxxx>
- Date: Fri, 24 Nov 2006 16:32:12 -0700
<uTWSOL$DHHA.4620@xxxxxxxxxxxxxxxxxxxx>, Robert MOn 11/24/2006 at 11:03 AM, in message
Jones<robert53newsgroups-ms2@xxxxxxxxxxxxxxxxx> wrote:
Security Alert - Medium Rick
Norton Internet Worm Protection has detected and blocked an
intrusion
attempt.
The text in More Info was as follows:
Intrusion: MS SQL PacketResolution DoS
Intruder: 192.168.1.1 (domain(53))
Risk Level: Medium.
Protocol: UDP
Attacked IP: COMPUTER NAME (192.168.1.2)
Attacked Port: ms-sql-m(1434)
Do you even have SQL installed on your machine? My guess is that you
don't.
As a result, port 1434 is not used by any specific program, but is
available for any program that needs a new UDP port to use.
Because of this, the DNS resolver is using it to make a DNS request
(your name server is probably set as 192.168.1.1). Your DNS server
responds to port 1434. However, Norton incorrectly classifies this as
an attack. It probably isn't.
.
- Follow-Ups:
- Re: advice about a worm intrusion alert
- From: Robert M Jones
- Re: advice about a worm intrusion alert
- References:
- advice about a worm intrusion alert
- From: Robert M Jones
- advice about a worm intrusion alert
- Prev by Date: Re: advice about a worm intrusion alert
- Next by Date: Re: advice about a worm intrusion alert
- Previous by thread: Re: advice about a worm intrusion alert
- Next by thread: Re: advice about a worm intrusion alert
- Index(es):
Relevant Pages
|
|
