ms asn1 integer overflow tcp

Just installed Norton, but it continually comes up with the above, with
different IPs as the point of source. It does ask if I want to allow 'the
intrusion', but as I don't know anything about the origin I just allow it to
block. But could it be a legitimate communication between two progs, i.e. Hotmail
or anything that needs possible updates or alerts? Running XP Pro Service
Pack 2.

Thanks, clueless (southern_clansman)
 
southern_clansman said:
Just installed Norton, but it continually comes up with the above, with
different IPs as the point of source. It does ask if I want to allow 'the
intrusion', but as I don't know anything about the origin I just allow it to
block. But could it be a legitimate communication between two progs, i.e. Hotmail
or anything that needs possible updates or alerts? Running XP Pro Service
Pack 2.

Posting the remote IP address here for us to see, or doing a WHOIS lookup on
that IP at www.nwtools.com or www.netsol.com [click Whois or Xwhois] may
help. Doing a Google search on that IP address in "quotation" marks might
give some info as well.

If you block it and nothing seems to break, you probably didn't need it.
 
karl levinson said:
southern_clansman said:
Just installed Norton, but it continually comes up with the above, with
different IPs as the point of source. It does ask if I want to allow 'the
intrusion', but as I don't know anything about the origin I just allow it to
block. But could it be a legitimate communication between two progs, i.e. Hotmail
or anything that needs possible updates or alerts? Running XP Pro Service
Pack 2.

Posting the remote IP address here for us to see, or doing a WHOIS lookup on
that IP at www.nwtools.com or www.netsol.com [click Whois or Xwhois] may
help. Doing a Google search on that IP address in "quotation" marks might
give some info as well.

If you block it and nothing seems to break, you probably didn't need it.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info

Karl, did the search you suggested. Found that the IP origin was from RIPE, based in Amsterdam, which apparently controls IPs for Europe. Contacted my ISP, who were at best vague re why RIPE were hitting me, so I'm going to continue blocking. Thanks for the search tool tip. John
 
RIPE assigns IP addresses to other entities and is not the entity that was
"hitting" you. That whois was probably telling you that it was unable to
give you the real entity name for some reason and that you would have to go
to www.ripe.net/whois to get the real whois results.
 
karl levinson said:
RIPE assigns IP addresses to other entities and is not the entity that was
"hitting" you. That whois was probably telling you that it was unable to
give you the real entity name for some reason and that you would have to go
to www.ripe.net/whois to get the real whois results.

You're absolutely correct. Went on the RIPE site and put in two of the IPs that I wrote down; both came back as Bulldog Communications, who are my ISP in the UK, although when I spoke on the phone they were vague and said to just keep blocking. Have copied the text on the RIPE site to show you the info, but does this mean that I will have a static IP as I'm blocking the intrusion? Don't want to get too bogged down; as long as I'm safe, don't really mind. See attached, and thanks again......John

Information related to '87.74.48.0 - 87.74.49.255'
inetnum: 87.74.48.0 - 87.74.49.255
netname: BULLDOG-CHT-DYN
descr: Dynamic IP pool cht-bas-001
remarks: INFRA-AW
country: GB
admin-c: BC419-RIPE
tech-c: BC419-RIPE
status: ASSIGNED PA
mnt-by: BDDSL-MNT
source: RIPE # Filtered
role: Bulldog Communciations
address: 26 Red Lion Square
address: London
address: WC1R 4HQ
remarks: ---------------------------------------------------
remarks: Please do NOT send abuse complaints to the contacts
remarks: listed. Please email them to (e-mail address removed)
remarks: ---------------------------------------------------
e-mail: (e-mail address removed)
admin-c: NS2319-RIPE
admin-c: SB264-RIPE
admin-c: RP1180-RIPE
tech-c: NS2319-RIPE
tech-c: KK1297-RIPE
tech-c: AW1547-RIPE
tech-c: JT1938-RIPE
mnt-by: BDDSL-MNT
nic-hdl: BC419-RIPE
source: RIPE # Filtered
% Information related to '87.74.0.0/16AS25310'
route: 87.74.0.0/16
descr: Bulldog Communications
origin: AS25310
mnt-by: BDDSL-MNT
source: RIPE # Filtered
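
Added example, not part of the original thread: a small Python parser for RIPE-style whois text like the reply quoted above, which reports the inetnum and route objects that actually cover an alert's source address, rather than the registry that issued the block. The function names, the sample addresses used for lookup and the rule that an object ends after its "source:" line are assumptions made for this example.

```python
import ipaddress

# Constructed sample: trimmed from the RIPE reply quoted in the thread.
SAMPLE = """\
inetnum: 87.74.48.0 - 87.74.49.255
netname: BULLDOG-CHT-DYN
descr: Dynamic IP pool cht-bas-001
country: GB
source: RIPE # Filtered
% Information related to '87.74.0.0/16AS25310'
route: 87.74.0.0/16
descr: Bulldog Communications
origin: AS25310
source: RIPE # Filtered
"""

def parse_objects(text):
    """Split whois text into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        line = line.strip()
        key, sep, value = line.partition(":")
        if sep and not line.startswith("%"):
            current.append((key.strip().lower(), value.split("#")[0].strip()))
        # Assumption: an object ends at a blank or % line, or after "source:".
        if current and (not sep or line.startswith("%") or current[-1][0] == "source"):
            objects.append(current)
            current = []
    return objects

def holder_of(ip, text):
    """Return the netname/descr/origin of the objects that cover `ip`."""
    addr, found = ipaddress.ip_address(ip), {}
    for obj in parse_objects(text):
        cls, value = obj[0]  # the first attribute names the object class
        attrs = dict(reversed(obj))  # first occurrence of an attribute wins
        if cls == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            if first <= addr <= last:
                found.update(netname=attrs.get("netname"), descr=attrs.get("descr"))
        elif cls == "route" and addr in ipaddress.ip_network(value):
            found["origin"] = attrs.get("origin")
    return found

if __name__ == "__main__":
    print(holder_of("87.74.48.10", SAMPLE))  # 87.74.48.10 is a constructed address
```

An address outside the inetnum range but inside the /16 route returns only the origin AS, which shows the lookup needs a more specific query before naming the assignee.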
 