Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » Norton Internet Security Problem!
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Filezilla uninstall.exe detected as Prockill-DF? »
« IM Rootkit Tracked To Mid East Group  
AuthorAll Replies


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to jellybeans27
Re: Norton Internet Security Problem!

Okay, found the earlier thread. It's at »NIS2006 .

Did it look like this? (Probably not, I see that's an outbound attempt and it sounds like you're talking a inbound attempt.)
--
Regards, Joseph V. Morris
to forum · permalink · · 2005-11-15 14:51:52 · Reply to this

jellybeans27

join:2005-10-28

 Here's an example from my activity log:

Details: Intrusion: Invalid Source IP Address.
Intruder: 255.255.255.255.
Risk Level: Medium.
Source IP address: 255.255.255.255.This IP address is invalid.
Destination IP address: YOUR-JSAHFDNCU3(84.13.89.247).
Protocol: ICMP.
to forum · permalink · · 2005-11-15 16:50:00 · Reply to this


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA		 Looks like it's coming from NIS' IDS subsystem, rather than the firewall. Pity it doesn't give more details about the ICMP message involved.

Maybe Reese can shed some light on this.
--
Regards, Joseph V. Morris
to forum · permalink · · 2005-11-15 16:54:34 · Reply to this


ranschultz
Premium
join:2004-05-28
Canyon Country, CA
·Vonage

1 edit		reply to jellybeans27
This appears to be a smurf type of attack. Somebody on your local segment is sending this packet with the intent of using your machine to amplify the attack and cause a denial of service to your segment or some machine on your segment.

To figure out who it is you'd have to use a packet sniffer to get the ethernet address associated with the offending packet and associate that with an Internet address. Reporting the ethernet address alone to your ISP should be sufficient to track this person down.

Edit: fixed a bone-headed wording mistake.
to forum · permalink · · 2005-11-15 20:34:47 · Reply to this

jellybeans27

join:2005-10-28		 Which 'packet sniffer' do you recommend?
to forum · permalink · · 2005-11-16 06:36:55 · Reply to this
Forums » Up and Running » Security » SecurityFilezilla uninstall.exe detected as Prockill-DF? »
« IM Rootkit Tracked To Mid East Group  

Wednesday, 09-Dec 09:12:20 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [196] Sprint Sued For Distracted Driving Death
· [81] 3G Network Test Says AT&T Is Tops
· [72] Mediacom Unveils 105 Mbps Pricing
· [62] Sprint Poised For A Turnaround?
· [54] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [50] The Future Of Wi-Fi Is Bright
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [44] Microwaving Your Innards Is Not 'Extreme'
· [39] Verizon LTE: 5-12 Mbps Downstream
· [21] AT&T Releases Network Reporting iPhone App
Most people now reading
· Windows 7 boot manager editing questions [Microsoft Help]
· Comcast refused to install 400' feet. [Comcast HSI]
· buffs, nerfs, and 3.3 [World of Warcraft]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· [TIVO] Problems with TIVO/CableCard in WNY (No Encrypted Channel [Verizon FIOS TV]
· Official Mal'Ganis Thread [World of Warcraft]
· New PvE Content [World of Warcraft]
· Buzzing whatchamacallit in ceiling...?? Help identify. [Home Repair & Improvement]
· [Snow Leopard] NFS Mounts - no more Directory Utility [All Things Macintosh]
· persistent connection to qw-in-f113.1e100.net on boot [Security]