Re: advice about a worm intrusion alert
- From: Robert M Jones <robert53newsgroups-ms2@xxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Nov 2006 23:39:56 +0000
Joel Maslak wrote:
<uTWSOL$DHHA.4620@xxxxxxxxxxxxxxxxxxxx>, Robert MOn 11/24/2006 at 11:03 AM, in message
Jones<robert53newsgroups-ms2@xxxxxxxxxxxxxxxxx> wrote:
Security Alert - Medium Rick
Norton Internet Worm Protection has detected and blocked an intrusion attempt.
The text in More Info was as follows:
Intrusion: MS SQL PacketResolution DoS
Intruder: 192.168.1.1 (domain(53))
Risk Level: Medium.
Protocol: UDP
Attacked IP: COMPUTER NAME (192.168.1.2)
Attacked Port: ms-sql-m(1434)
Do you even have SQL installed on your machine? My guess is that you
don't.
As a result, port 1434 is not used by any specific program, but is
available for any program that needs a new UDP port to use.
Because of this, the DNS resolver is using it to make a DNS request
(your name server is probably set as 192.168.1.1). Your DNS server
responds to port 1434. However, Norton incorrectly classifies this as
an attack. It probably isn't.
That's sort of what I thought - but until I can be sure I did not want to give Norton any instructions to allow or remember - just saying "ok" when I get the block message.
Any advice on checking I can do (other than routine AV and spyware scans) most welcome.
--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420
.
- References:
- advice about a worm intrusion alert
- From: Robert M Jones
- Re: advice about a worm intrusion alert
- From: Joel Maslak
- advice about a worm intrusion alert
- Prev by Date: Re: advice about a worm intrusion alert
- Next by Date: Re: modify xp_cmdshell to easily allow access to it
- Previous by thread: Re: advice about a worm intrusion alert
- Index(es):
Relevant Pages
|
