puzzled, Whats this intrusion detected ??

Discussion in 'other firewalls' started by ghodgson, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Hi guys, While I was on the net tonight my NIS firewall came up with this intrusion alert, which puzzles me because it says my machine tried to attack another on the net. I dont understand this can anyone throw any light on this thanks. I am running XP home.

    10/12/2004 18:36:57,Supervisor,Intrusion:
    "Intrusion: HTTP_ActivePerl_Overflow Intruder: 0.0.0.0(3524). Risk Level: Medium Protocol: TCP. Attacked IP: st.sageanalyst.net(63.150.145.9) Attacked Port: http(80)."
    Cheers Gordon
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi ghodgson,

    You can consider it a false positive, unless you are hosting a web server + ActivePerl for Windows version 5.6.1.629 and earlier. Looks like NIS is picking up on a suspicious string in your browser request. Some info from Symantec here: HTTP_ActivePerl_Overflow.

    Nick
     
  3. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Dear Nick, Thanks for your reply and phew!! I am grateful its a false positive, I thought I had a trojan or something. I dont have Active pearl and I am not a web server.
    Thanks Gordon
     
Loading...
Thread Status:
Not open for further replies.