Hello All, I am a regular internet user but since few days my Norton 2005 Antivirus shown me following messege......
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your machine was detected and blocked. Intruder: 10.19.114.206(2801). Risk Level: High. Protocol: TCP. Attacked IP: BLITZKREIG(10.19.114.147). Attacked Port: 139
I got nowadays several messeges like this but Intruder IP is different, so could anybody please tell me how can I permanently block these IPs and how can I search them they might be from my neighbourhood. Is there any harm even if Norton Blocks them.....
Hello All, I am a regular internet user but since few days my Norton 2005 Antivirus shown me following messege......
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your machine was detected and blocked. Intruder: 10.19.124.206(2801). Risk Level: High. Protocol: TCP. Attacked IP: My PC(10.19.124.185). Attacked Port: 139
I got nowadays several messeges like this but Intruder IP is different,
so could anybody please tell me how can I permanently block these IPs and how can I search them they might be from my neighbourhood. Is there any harm even if Norton Blocks them.....
This is probably a spoofed address. Block all private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, probably 169.254.0.0/16 as well) on your border router.
Sebastian Gottschalk wrote in news:4a4f52Fr43llU1 @news.dfncis.de:
Sebastian, although your answers may be "correct", the attitude was not. Just because the guy doesn't know what he's doing is no excuse to treat him that way. We all start somewhere and we are all stupid - rather, uneducated - at one time or another. Even you.
See RFC1180. "spoofing" TCP is not common because there needs to be a two-way conversation - you have to be able to reply in order to get a TCP connection going. This is NOT required for UDP (hence, most UDP to ports 1025 - 1035 - messenger spam - is using false source addresses).
Block those ranges that are not used by your ISP to provide services. One of my ISPs uses 192.168.200.x for incoming mail (POP3 and IMAP), outgoing mail (SMTP - they block all other mail access), customer information web pages and DNS - all for use by customer and inaccessible from the Internet. Thus, I can't block 192.168.200.0/24.
See the following RFCs:
2827 Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. P. Ferguson, D. Senie. May 2000. (Format: TXT=21258 bytes) (Obsoletes RFC2267) (Updated by RFC3704) (Also BCP0038) (Status: BEST CURRENT PRACTICE)
3330 Special-Use IPv4 Addresses. IANA. September 2002. (Format: TXT=16200 bytes) (Status: INFORMATIONAL)
3704 Ingress Filtering for Multihomed Networks. F. Baker, P. Savola. March 2004. (Format: TXT=35942 bytes) (Updates RFC2827) (Also BCP0084) (Status: BEST CURRENT PRACTICE)
RFC3330 lists IP address ranges other than those mentioned above that should be blocked as well.
Thanks Skywise for supporting me .... I am just a newbie who doesnt know much about Networking , I just use Antiviruses for security and works on Microsoft XP.....Neways thanks also for Sebastian even if he was a bit rude ...but i wont mind coz I was a bit stupid in asking queries...
Check this Attacker 10.19.114.206 Victim 10.19.114.147. You both are on same network or Attacker has spoofed IP. Are you in LAN? If you are it is somebody you know. Maybe he is sitting next to you, and he is laughing while you read this. If you have Wireless router, reconfigure WLAN protection, turn DHCP off, you have a guest. Probably neighbour. Answer to Don Kellowey, then maybe somebody will answer you what is happening.
And that's exactly the point: If you don't have a clue, why do you let yourself get flooded with messages you don't understand.
And I guess that's why you were asking for some countermeasure that doesn't counter anything and just cripples your own networking. Because this is what blocking of random targets or autoblocking is: a lack of understanding of security.
Fine, but is this an excuse for not informing yourself and therefore choosing one of the most useless pieces of crap software ever? Hell, even certain freeware virus scanners are better than the Norton stuff.
The One Pound coin was introduced in 1983 as inflation had reduced the purchasing of the note to a very low level.
One of the most interesting characteristics of this coin is the change in design each year, covering each of the countries that comprise the United Kingdom, and the use of an edge inscription for security.
The one pound coin weighs 9.50 grams and has a diameter of 22.50 mm. (the sovereign weighs 8.0 grams and is 22 mm diameter). Most if not all issues are available as sterling silver proofs.
So, the answer to your "stupid" question, which was "how much does a quarter of a pound weigh?" is 2.375 grams.
Yeah we are on same network....but when I scan the attacker's IP it shows it as dead IP...even at the time I got messeges , so he might have spoofed IP.
Not necessary, if your network use DHCP he can change his IP immediately after an attack is launched. If ping is used to check IP, it can be blocked. It would be good idea to report this to your LAN administrator. In addition, this is probably done by somebody who knows you, talk to your friends. Do you have enemies? There is also small probability that this attack originates from the internet. In that case, you are probably not only one who is attacked, talk to your friends and report all to LAN administrator. If you want additional or better protection, I will leave that advice to other guys on this group. Some of them are experts who will advice you much better then I will. I'm home user just like you.
Then it's not very likely the Source IP (10.19.124.206) represents a system on the Internet because it is within your LAN you probably have a firewall (probably unbeknownst to you) which performs Network Address Translation and is already protecting the LAN (and your PC) from the Internet.
What you are seeing is in all probability another system within the LAN attempting to connect to your computer for the purpose of establishing a network share. Such could be used to access a directory on your computer, to remotely administer your computer, etc. Within a LAN used for business purposes these could be expected and normal activities. It may be wise to consult with whoever is responsible for administering the LAN.
In closing the personal firewall on your PC is primarily protecting your system from other systems within the same LAN. Obviously this can be a wise thing to do, but in some instances it can create networking difficulties between other systems and your own, or vice-versa.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.