Solve : explain virus please?

Every ten minutes "Norton" (that is what we have) keeps popping up saying that they caught this. I would like to know what it means, and who and what this intruder is.
Details:

Attempted Intrusion "MSRPC SrvSvc NetApi Buffer Overflow (2)" against your machine was detected and blocked.
Intruder: 216.95.1.60(1377).
Risk Level: High.
Protocol: TCP.
ATTACKED IP: TOWNSHIP-EAXE5D(216.95.155.124).
Attacked Port: netbios-ssn(139).

Many more details are needed. Norton Antivirus only? Norton Internet Security also? See below.

Someone is trying to nuke your firewall so they can get in.

It's probably a worm rather than an attacker that singled you out. Some PC in Hamilton, Ontario is most likely infected with the Wargbot worm (or something similar) and it was trying to spread onto your computer; luckily your firewall/IDS (Norton) blocked it.

Sorry about that, but we have the whole Norton package for the year. This message has been coming up almost every 10 min. for the past month, and who would be trying to nuke the firewall? We are on a network. Is there a way I can find out if it is an intruder and where and who they are?

Check your router's log files to see where it is coming from. You can also block ports 135-139 in the router to prevent any more intrusions. This should not interfere with the internal network using those ports but will prevent any traffic going to or from the internet on them.

There should be a setting in your firewall to turn off the notifications.

You should look into buying a hardware firewall such as a router.

Hi - I have looked at your post, and it is clear what has happened:

The intrusion type was a buffer overflow, which can be serious.
A buffer overflow is the process of trying to put more data in a certain memory location that is too small for that data to go - therefore causing a crash of the computer or program.
If this is done successfully, the attacker can gain access to the computer.

I have knowledge of buffer overflows as I program them to test software for security holes, and it is most likely that the attacker (which I believe was a person and not a bot) has programmed the exploit in the C language.

This can be serious so I suggest that you report it to your ISP or whoever has control over the network.
(Also report it to Norton by means of contact.)

Hope it works out OK!

Quote:
someone is trying to nuke your firewall so they can get in

See, I told you, cuz I've done it to my friend by sending multiple packs at their computer.

Do you really think that some hacker has been attempting to run this exploit against Nancy's computer every 10 minutes for the past month? Besides, if it was a hacker he/she would have tried alternate methods of gaining access after learning that this particular exploit DID NOT work. No one has control over her network. You shouldn't tell her that. The Wargbot worm uses this very same buffer overflow to spread itself and it just so happens that it attacks the same netblock that it's on.

Attacking PC: 216.95.1.60
Nancy's PC: 216.95.155.124

UUNET Technologies, Inc.
NetRange: 216.94.0.0 - 216.95.255.255

See the connection?

JPH is exactly right and I believe this is a very common problem.
I have the same thing happening to me & I asked my ISP to track down the user and tell them to clean the infection from their machine.
They weren't interested, so neither was I; turning off the firewall notifications works well for me.
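
The netblock comparison made earlier in the thread (source 216.95.1.60 and target 216.95.155.124 against the whois NetRange 216.94.0.0 - 216.95.255.255) can be checked mechanically when triaging such alerts. The following is an added example, not part of any post above; the function names are hypothetical and it assumes other alerts use the same layout as the one quoted.

```python
import ipaddress
import re

# Alert text and whois NetRange exactly as quoted in the thread.
ALERT = """\
Attempted Intrusion "MSRPC SrvSvc NetApi Buffer Overflow (2)" against your machine was detected and blocked.
Intruder: 216.95.1.60(1377).
Risk Level: High.
Protocol: TCP.
ATTACKED IP: TOWNSHIP-EAXE5D(216.95.155.124).
Attacked Port: netbios-ssn(139).
"""
NETRANGE = "216.94.0.0 - 216.95.255.255"
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_alert(text):
    """Pull signature, source and target out of one alert (layout assumed from the post)."""
    sig = re.search(r'Attempted Intrusion "([^"]+)"', text)
    src = re.search(r"Intruder:\s*" + IPV4 + r"\(\d+\)", text)
    dst = re.search(r"Attacked IP:\s*(?:[\w-]+\()?" + IPV4, text, re.I)
    port = re.search(r"Attacked Port:\s*[\w-]*\((\d+)\)", text, re.I)
    if not (sig and src and dst and port):
        raise ValueError("unrecognised alert layout")
    return {"signature": sig.group(1),
            "src": ipaddress.IPv4Address(src.group(1)),
            "dst": ipaddress.IPv4Address(dst.group(1)),
            "dst_port": int(port.group(1))}

def range_to_networks(netrange):
    """Convert a whois 'first - last' range into CIDR blocks."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def shared_prefix_len(a, b):
    """Count the leading bits two IPv4 addresses have in common."""
    return 32 - (int(a) ^ int(b)).bit_length()

def triage(text, netrange):
    """Report whether source and target sit in the same allocation."""
    alert = parse_alert(text)
    nets = range_to_networks(netrange)
    same = any(alert["src"] in n and alert["dst"] in n for n in nets)
    return {**alert, "networks": [str(n) for n in nets], "same_allocation": same,
            "shared_prefix_bits": shared_prefix_len(alert["src"], alert["dst"])}

if __name__ == "__main__":
    for key, value in triage(ALERT, NETRANGE).items():
        print(f"{key}: {value}")
```

A source inside the same allocation that recurs at a steady interval against port 139 fits the automated, neighbour-scanning pattern described in the thread rather than a targeted attempt.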
