Security Threat

[Guest]

My partner is working on Windows Xp Home SP2 and has received the following
message:

Norton has detected and blocked an intruisive attempt:

address was HTTP MS IIS NTLM ASN1 BO

I have looked on symantec and it is giving security updates but not for xp
home sp2 and i do not understand what t hey are talking about on the site.

Can anybody tell me exactly what this is and what it means? Also can anyone
give me the needed security update please?

Thank you.

 

[David H. Lipman]

From: "tigerclaws" <[email protected]>

| My partner is working on Windows Xp Home SP2 and has received the following
| message:
|
| Norton has detected and blocked an intruisive attempt:
|
| address was HTTP MS IIS NTLM ASN1 BO
|
| I have looked on symantec and it is giving security updates but not for xp
| home sp2 and i do not understand what t hey are talking about on the site.
|
| Can anybody tell me exactly what this is and what it means? Also can anyone
| give me the needed security update please?
|
| Thank you.

Ignore it. Its an overzealous FireWall reporting too much. It did its job. No worries !

 

[Guest]

THank you for answering my question, i still do not understand what it is and
it is always popping up now, twice yesterday and once the day before, it says
that it is high security alert risk, i have looked at the websites you gave
me but cannot find anything of use there, maybe its me i dont know.

What if one day the firewall is unable to block it? Is there nothing else
that can be done to stop this from popping up all the time?

Thank you

 

[rootj4m13]

I take your getting this yes,
http://www.symantec.com/avcenter/attack_sigs/s21185.html

If thats your exact problem there are links at the bottom, alough there
is no links for the update when running sp2 this suggest it is fixed
when sp2 is installed. Have you made sure that sp2 is installed
correctly.

Http IIS , are you also running your own webserver or Local Area
Network File service?

 

[Guest]

Yes that is the message that she is getting, i am sure that sp2 is installed
correctly, she has been using sp2 since it first came out but has only been
getting the messages in the last couple of days.

She is running on a local area network. Is there anyway that she can check
if SP2 is running properly or installed properly?

 

[rootj4m13]

Check if sp2 is installed here.
http://tinyurl.com/ha6t4

There reason that I was asking about the webserver, its and IIS
exploit, well its coming from an IIS service
---
Definition
http://tinyurl.com/ockuc
---

Have you madesure that you have all the latest windows updates from
http://update.microsoft.com

and are your definitions for norton antivirus up to date, if they have
resolved their own security fix it will be fixed the next time it is
detected.

Sorry I cant help very much.

Jamie

 

[Guest]

Yes she does have sp2 installed. I believe that the server she is using is
from BT and all windows updates have been updated and norton definitions are
also updated that is why we can not understand why she is getting the
messages now.

Is there no way to solve this problem? How can we check that SP2 is actually
running correctly or installed correctly?

 

[David H. Lipman]

From: "tigerclaws" <[email protected]>

| THank you for answering my question, i still do not understand what it is and
| it is always popping up now, twice yesterday and once the day before, it says
| that it is high security alert risk, i have looked at the websites you gave
| me but cannot find anything of use there, maybe its me i dont know.
|
| What if one day the firewall is unable to block it? Is there nothing else
| that can be done to stop this from popping up all the time?
|
| Thank you
|


If the person is on Broadband Internet then obtain a cable.DSL Router such as the Linksys
BEFSR41. The Router, not the PC, will see such activity and such Pop-Ups will not be seen
at the PC.