Attempted Intrusion "MS ASN1 Integer Overflow TCP"

Guest

Hello,

For the last couple of days I keep receiving the following annoying
message generated by my Norton Anti virus 2006:

Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your
machine was detected and blocked.
Intruder: 86.62.217.124(3477).
Risk Level: High.
Protocol: TCP.
Attacked Port: 139

I would appreciate any help getting rid of this annoying message that keeps
popping out like every minute!

Thank you,

Sami
 
Steven L Umbach

I don't know exactly what the mumbo jumbo details mean but basically a
computer from the internet IP address 86.62.217.124 is trying to access a
share on your computer which uses port 139 TCP and 445 TCP for such. There
should be some setting in Norton that allows you to not be bothered about such
messages in the future and if you cannot find that try posting in one of
the Norton/Symantec forums or maybe someone else here will have the details.

I would also suggest that you disable file and print sharing on your
computer if you have no need to share folders or printers with anyone by
going to Control Panel/network connections. Then go into the properties of
your network connection and uncheck file and print sharing. If you are using
cable or DSL I also strongly suggest that you get an "internet router" such
as one of the many offered by Linksys, Netgear, D-Link, and others at very
reasonable prices to be the first line of defense for your computer/network
and that also should make such messages go away as the internet router would
block those attempts in default configuration. --- Steve
 
Guest

Hello Sami!

This message is generated because a remote computer is trying to get into
your computer (which is bad, as you can understand). Fortunately Norton is
doing its job and has blocked that attack. Bravo! :)

What you should do is check in Norton's settings really carefully whether there
is a setting for turning off not the worm protection but the notification.

The other option, which is the better one, I think, applies only if you have Windows XP.

So, if you have Windows XP, turn OFF Norton's internet worm protection
from its settings. Use the integrated firewall in Windows XP.
Windows XP has a firewall which is really good and works automatically, so
it will not bother you. Norton will only inform you at start up that
Norton's worm protection is off, but don't worry.
Learn how to enable Windows XP's firewall. Make sure you set it to "Don't
allow exceptions"!
http://support.microsoft.com/default.aspx?scid=kb;en-us;283673

Learn how to protect your computer :
http://www.microsoft.com/protect


Do not hesitate to contact the Community again !

Panda_man
 
Guest

Good evening all,

I've been having the same challenge as 'Sami'. Symantec has suggested a
problem with 'an integer overflow in Microsoft's Abstract Syntax Notation 1' as
in the following link:
http://www.symantec.com.br/avcenter/attack_sigs/s20409.html

I've taken the advice posted & it seems to work, however, is there a bug
with Microsoft's Abstract Syntax Notation 1 that needs to be addressed? & how
does one let MS know about it?

Have a nice evening...

Marpole Joel
 
Guest

Hello all,
I have been having the same problem for the last 24 hours. However, when I
go to the web link you have posted, there is no fix for Windows XP SP2 Media
Center. The worm protection is doing its job and not allowing the intrusion
to go through. Any suggestions?
 
captain_mariah

I have the same problem.

According to the website
(http://securityresponse.symantec.com/avcenter/attack_sigs/s20409.html), users
are strongly advised to obtain fixes as soon as possible with a patch.

The only problem is there doesn't seem to be one for Microsoft Windows Vista
Home P. So, how do I fix it for the Vista program?

How come my computer suddenly is continuously attacked by this now every time
I go online? Can I prevent this from happening? Will the attacks disappear
after a while? (and I don't mean shutting the notifications down; will it
attack my computer for ever now?)

How do I prevent these kinds of attacks? Are there websites you should avoid at
all cost (forums, yahoo..and so on)?
 
MowGreen [MVP]

Important As of May 2004, the most current versions of the files that are listed in this article (828028) are available in MS04-011:
835732 (http://support.microsoft.com/kb/835732/) MS04-011: Security update for Microsoft Windows

Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Neither XP SP2 nor Vista are listed under Affected software.
Nor are they listed on the Symantec page:
http://securityresponse.symantec.com/avcenter/attack_sigs/s20409.html

HOWEVER, there are 3rd party softwares listed that *are* vulnerable and
are listed in the Symantec article. And, the version of NAV that is
installed is * outdated *.

*** The system is being attacked because * 3rd party * software is
vulnerable. ***
So, the question begs, have you kept *3rd party* software updated ?

For no-charge assistance with an exploited, compromised system:

" No charge support
• Call 1-866-PCSafety or 1-866-727-2338

This phone number is for virus and other security-related support. It is
available 24 hours a day for the U.S. and Canada. For phone numbers
outside of the U.S. and Canada, select your region.
http://support.microsoft.com/common/international.aspx?rdpath=4 "



MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
 
captain_mariah

I am still getting attacked every time I go online. I have updated every
program I can think of, even *third party*. However, I don't have so much
third-party software since almost all programs came with the computer when I
got it. I don't usually download programs, the only one I have downloaded
that I can think of is MSN Messenger. I used to have XP, could it be that I
have downloaded programs for XP into Vista, such as Office programs? Could
they be the weakness?

I have never had this program before, it is only now, since April, that I am
getting these attacks.

I keep getting messages like:

Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your
machine was detected and blocked.
Intruder: 90.235.156.52,3287
90.235.136.35,1808
90.235.150.119,3035
and so on..
Risk Level: High.
Traffic description: TCP, 3287

I also get portscans now and then. For example:

Intruder: 10.0.0.1, 53
Traffic description: UDP, 53

Please tell me, is there something I can do to avoid being attacked or stop
them from even trying to attack my computer when I am online?

There is no patch for this?

Getting desperate... :(
 
MowGreen [MVP]

http://www.dnsstuff.com/tools/whois.ch?ip=10.0.0.1
This IP address belongs to Internet Assigned Numbers Authority.

http://www.dnsstuff.com/tools/whois.ch?ip=90.235.136.35,1808
The above is an ISP in Sweden.
Is this your internet provider ?

*What* is telling you that the system is 'under attack', please ?

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
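
The whois lookups in the post above amount to sorting the reported sources into local and Internet addresses. The Python script below is an added example (not part of the thread and not Norton's own logic) that does this for alert text in the formats quoted here; the sample text is constructed from those quotes, and the /16 grouping is an assumption used as a rough stand-in for "same provider range".

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: alert lines re-typed from the formats quoted in this thread.
SAMPLE_ALERTS = """\
Intruder: 86.62.217.124(3477).
Attacked Port: 139
Intruder: 90.235.156.52,3287
90.235.136.35,1808
90.235.150.119,3035
Traffic description: TCP, 3287
Intruder: 10.0.0.1, 53
Traffic description: UDP, 53
attacking computer: 90.235.158.84, 3249
attacking computer: 90.235.161.105, 1895
"""

# An IPv4 address followed by a source port, written "a.b.c.d(port)" or "a.b.c.d, port".
SOURCE_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3})\s*[,(]\s*(\d{1,5})")


def parse_sources(text):
    """Return (ip, port) pairs for every well-formed source address in the alert text."""
    sources = []
    for raw_ip, raw_port in SOURCE_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the pattern but is not an address
        port = int(raw_port)
        if port <= 65535:
            sources.append((ip, port))
    return sources


def classify(ip):
    """Label where a source address can be located."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"  # RFC 1918 and similar: a device on the local network
    return "public"


def triage(text, prefix_len=16):
    """Group alert sources: non-public ones individually, public ones by prefix.

    prefix_len=16 is an assumption made for this example; a whois lookup is
    the authoritative way to find out who owns an address.
    """
    groups = defaultdict(set)
    for ip, _port in parse_sources(text):
        scope = classify(ip)
        if scope == "public":
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            groups[(scope, str(net))].add(str(ip))
        else:
            groups[(scope, str(ip))].add(str(ip))
    return {key: sorted(ips) for key, ips in groups.items()}


if __name__ == "__main__":
    for (scope, net), ips in sorted(triage(SAMPLE_ALERTS).items()):
        print(f"{scope:8} {net:18} {len(ips)} source(s): {', '.join(ips)}")
```

10.0.0.1 lies in private address space, so that source is a device on the local network rather than an Internet host, and UDP port 53 is the DNS service port.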


 
etrange

Sorry, but I don't understand: what is the relation between file and print sharing and
those alerts from Norton?
 
captain_mariah

MowGreen said:
http://www.dnsstuff.com/tools/whois.ch?ip=90.235.136.35,1808
The above is an ISP in Sweden.
Is this your internet provider ?

Yes

MowGreen said:
*What* is telling you that the system is 'under attack', please ?

Norton Antivirus
 
captain_mariah

Yesterday I got new kinds of notifications of attacks from Norton:

MSRPC Malicious LSASS DS Request BO (2)
attacking computer: 90.235.158.84, 3249
Trafficdescription: TCP, 3249

MS RPC LSASS DS Oversize Request (TCP)
attacking computer: 90.235.161.105, 1895
Trafficdescription: TCP, 1895

What is this?
How do I prevent it?
 
MowGreen [MVP]

1) Which Version of NAV ?
2) Is NAV part of a Symantec security suite that includes a firewall ?

3) * Is the system on a home network [eg. wireless or wired involving a
router] ? *

90.235.161.105 and 90.235.158.84 is your Internet Provider [IP]. It
appears that NAV is providing a False Positive [FP] concerning ICMP
requests from your IP or your IP is at fault for sending malformed ICMP
packets.
I'd bet on the former knowing how NAV functions.



MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
 
etrange

The same problem here with my ISP's IP addresses. NAV detects them as attacks.

MowGreen said:
1) Which Version of NAV ?
2) Is NAV part of a Symantec security suite that includes a firewall ?

3) * Is the system on a home network [eg. wireless or wired involving a
router] ? *

1. NAV 2008
2. No, standalone.
3. Yes

 
MowGreen [MVP]

Configure the router to block ALL ICMP pings or configure NAV to not
popup a warning when receiving ICMP pings from your ISP.
I'd do the *former* if it were my system.
Consult the Manual for the router or visit the router manufacturer's web
site to learn how this is done.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============

 
tye

OMG. THAT'S WHAT'S GOING ON WITH MY COMPUTER BUT IT'S ANTIVIRUS 2008 THAT KEEPS
POPPING UP AND KEEPS TELLING ME THAT MY COMPUTER NEEDS TO BE PROTECTED WHEN I
DO HAVE PROTECTION. I CAN'T EVEN OPEN UP CERTAIN WEB PAGES UNLESS IT POPS UP
SAYING CONTINUE UNPROTECTED OR BUY ANTIVIRUS 2008 AND YOU'LL BE PROTECTED!!!!
PLEASE HELP ME.. HOPEFULLY YOUR PROBLEM IS FIXED!!
 
Malke

1. You've tacked your completely unrelated issue onto someone else's thread.
Not cool. In the future make a new post and don't forget to include all
pertinent details per:

http://www.elephantboycomputers.com/page2.html#Usenet
http://support.microsoft.com/default.aspx/kb/555375 - How to Ask a Question

2. Please don't type in all capital letters. On Usenet (where you are
posting whether you realize it or not) it is considered shouting and rude.
I know you didn't mean to be rude but you will limit the responses you get.
See links above for more details.

3. To answer your question, your computer is infected with a rogue
antispyware program. It is called "rogue" because it pretends to be A Good
Guy when it is The Bad Guy. To clean this, go to the link below and find
removal instructions for the program that is telling you to purchase it:

Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

After you've done that, if you want more help from this newsgroup please
make a new post (see Item #1 above).

Malke
 