puzzled, Whats this intrusion detected ??

Discussion in 'other firewalls' started by ghodgson, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Hi guys, While I was on the net tonight my NIS firewall came up with this intrusion alert, which puzzles me because it says my machine tried to attack another on the net. I dont understand this can anyone throw any light on this thanks. I am running XP home.

    10/12/2004 18:36:57,Supervisor,Intrusion:
    "Intrusion: HTTP_ActivePerl_Overflow Intruder: 0.0.0.0(3524). Risk Level: Medium Protocol: TCP. Attacked IP: st.sageanalyst.net(63.150.145.9) Attacked Port: http(80)."
    Cheers Gordon
     
    ghodgson, Dec 10, 2004
    #1
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi ghodgson,

    You can consider it a false positive, unless you are hosting a web server + ActivePerl for Windows version 5.6.1.629 and earlier. Looks like NIS is picking up on a suspicious string in your browser request. Some info from Symantec here: HTTP_ActivePerl_Overflow.

    Nick
     
    nick s, Dec 10, 2004
    #2
  3. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    Dear Nick, Thanks for your reply and phew!! I am grateful its a false positive, I thought I had a trojan or something. I dont have Active pearl and I am not a web server.
    Thanks Gordon
     
    ghodgson, Dec 10, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...