IPB

Welcome Guest ( Log In | Register )

 Forum Rules 
 
Reply to this topicStart new topic
> Security
CommieBastard
post Oct 10 2003, 09:34 AM
Post #1


Remorseless posting machine
*************

Group: Moderators
Posts: 5,749
Joined: 19-July 03
From: Bloody London
Member No.: 466
Gender: Male



Whenever I try to look at a large thread - the 'Questions' thread, say - internet security registers what may be an attack, usually from the IP 80.1.98.99 but sometimes from others, "characteristic of an MS_RPC_DCOM_BufferOverflow attack". I can't view these threads unless I disable security. Any idea what's going on?


--------------------
Every sort of expert knowledge and every inquiry, and similarly every action and undertaking, seems to seek some good. Because of that, people are right to affirm that the good is 'that which all things seek'...
Go to the top of the page
 
+Quote Post
Mr Fuzzy
post Oct 10 2003, 10:10 AM
Post #2


This space intentionally left blank
************

Group: Admin
Posts: 2,368
Joined: 30-March 03
From: Venta Belgarum
Member No.: 203
Gender: Male



Odd... That IP is from the same range/ISP as you are using now. What are you using for security?


--------------------
We are at war with Eastasia. We have always been at war with Eastasia. We were never at war with Eurasia. Eurasia is our ally.
Go to the top of the page
 
+Quote Post
CommieBastard
post Oct 10 2003, 10:11 AM
Post #3


Remorseless posting machine
*************

Group: Moderators
Posts: 5,749
Joined: 19-July 03
From: Bloody London
Member No.: 466
Gender: Male



Norton Internet Security. Yes, I know, it sucks.


--------------------
Every sort of expert knowledge and every inquiry, and similarly every action and undertaking, seems to seek some good. Because of that, people are right to affirm that the good is 'that which all things seek'...
Go to the top of the page
 
+Quote Post
CommieBastard
post Oct 10 2003, 10:14 AM
Post #4


Remorseless posting machine
*************

Group: Moderators
Posts: 5,749
Joined: 19-July 03
From: Bloody London
Member No.: 466
Gender: Male



An attempt to look at the 'Whatchoo Listenin' to, Foo'?" thread just gave me an "attack" from 212.140.127.154 and 80.1.122.190.


--------------------
Every sort of expert knowledge and every inquiry, and similarly every action and undertaking, seems to seek some good. Because of that, people are right to affirm that the good is 'that which all things seek'...
Go to the top of the page
 
+Quote Post
Mr Fuzzy
post Oct 10 2003, 10:16 AM
Post #5


This space intentionally left blank
************

Group: Admin
Posts: 2,368
Joined: 30-March 03
From: Venta Belgarum
Member No.: 203
Gender: Male



Norton's OK, you just want a more beefed up version than that. I'm running their products myself, and I've never had the problem you seem to have. I'd be inclined to speak to your ISP about it, because it's coming from one of their addresses.


--------------------
We are at war with Eastasia. We have always been at war with Eastasia. We were never at war with Eurasia. Eurasia is our ally.
Go to the top of the page
 
+Quote Post
CommieBastard
post Oct 10 2003, 10:19 AM
Post #6


Remorseless posting machine
*************

Group: Moderators
Posts: 5,749
Joined: 19-July 03
From: Bloody London
Member No.: 466
Gender: Male



I'm sure it's not an attack. Why would big threads attack me? It's happened with the Official Spam Thread, the Ask Each Other Questions thread, the Whatchoo' Listenin' To, Foo'? thread, and the Song-Based Chain Quiz thread. All threads with a lot of replies, which seems quite a bizarre correlation.


--------------------
Every sort of expert knowledge and every inquiry, and similarly every action and undertaking, seems to seek some good. Because of that, people are right to affirm that the good is 'that which all things seek'...
Go to the top of the page
 
+Quote Post
Mr Fuzzy
post Oct 10 2003, 10:21 AM
Post #7


This space intentionally left blank
************

Group: Admin
Posts: 2,368
Joined: 30-March 03
From: Venta Belgarum
Member No.: 203
Gender: Male



Erm... It may well be an attack, just not coming from those threads. They come up clear for me. We don't even have any posts from any of those IPs. Possibly some monkey is poking at you and switching apparent addresses while doing so.


--------------------
We are at war with Eastasia. We have always been at war with Eastasia. We were never at war with Eurasia. Eurasia is our ally.
Go to the top of the page
 
+Quote Post
CommieBastard
post Oct 10 2003, 10:24 AM
Post #8


Remorseless posting machine
*************

Group: Moderators
Posts: 5,749
Joined: 19-July 03
From: Bloody London
Member No.: 466
Gender: Male



Well, I don't know anything about this sort of thing, it just seems odd to me that this would get registered only when I look at threads with a lot of replies. Also, Norton's been picking this up since I installed it a day or two ago, which would imply that it's been going on for a while and I haven't noticed it. This leads me to wonder what they (if there is a "they") are doing. Also, do you know what an "MS_RPC_DCOM_BufferOverflow" attack is?


--------------------
Every sort of expert knowledge and every inquiry, and similarly every action and undertaking, seems to seek some good. Because of that, people are right to affirm that the good is 'that which all things seek'...
Go to the top of the page
 
+Quote Post
Mata
post Oct 10 2003, 05:05 PM
Post #9


'Trouble Down Pit' now online!
***************

Group: Admin
Posts: 10,206
Joined: 22-February 03
From: Southern UK
Member No.: 1
Gender: Male



I've no idea what's going on there, I've not encountered that myself. I've got the latest version of Norton's Firewall and Anti-virus running on my machine and not had that happen. I'd be inclined to agree with Mr Fuzzy, it sounds like there may be someone poking at your machine... Maybe trying to ride in on the back of large internet file downloads? Is such a thing possible?

I'm not convinced by the new version of Norton Anti-virus, I've had nothing but problems with it since I first installed it... Then again, it was pretty much hot-off-the-press so perhaps they hadn't got all the bugs out, it wasn't even in shops, I bought a downloaded version directly from their site. I've had to re-install it three times and sometimes it doesn't recognise me when Windows starts and I have to restart the computer.


--------------------
Trouble Down Pit: Still updated every Monday and Friday
The Matazone Games blog
The Matazone Shop The Matazone Blog
The Matazone Corset Shop: Snobz corsets at 10% off their recommended price!
Go to the top of the page
 
+Quote Post
Sir Psycho Sexy
post Oct 19 2003, 12:10 PM
Post #10


Technically a giant, intellectual midget.
************

Group: Established Members
Posts: 4,319
Joined: 29-March 03
From: Enger-land
Member No.: 197
Gender: Transgender



I used to get that a lot actually, dodgy IP's that kept coming from china or some obsure place (not that china's obscure) so i uninstalled it, it was giving me grief about legitimate things and i decided it wasn't worth the hassle....so i uninstalled it, no problems here...well one or two viruses....hmm....might be an idea to reinstall it after all >_>


--------------------
He's a freak of nature, but we love him so.
Go to the top of the page
 
+Quote Post
Pab
post Oct 20 2003, 10:13 AM
Post #11


Has been kidnapped by gerbils and forced to post on here repeatedly
***********

Group: Validating
Posts: 1,075
Joined: 13-July 03
Member No.: 451
Gender: Male



This is not THE ANSWER but its a point:

There is a thing that Norton Firewall does to me when I connect via FTP to certain servers, ftp being a different kettle of fish from http. For security reasons, the server dynamically changes port numbers a lot, to make it more difficult to hack. This rapid change of port numbers makes Norton Firewall think I'm getting port-scanned, and it locks up on that IP. In order for it to work, I have to tell NF to stop getting bloody paranoid with THAT SPECIFIC IP.

Now then, you're getting an 'over-flow' related thing from your ISPs IP range, with an alleged accomplice on some other IP ... I'm guessing that your ISP may have some dynamic malarky going on that is being INTERPRETED as something bad ... It may be that you have to tell the firewall to go easy on your ISP's IP range ... This would leave your computer open to some bad stuff, like if another user of your ISP has a virus/trojan job happening ... I would reccommend trying to talk with somebody WHO KNOWS WHAT THEY'RE DOING at your ISP, and find out what they are doing .... If they dont answer or if they deny everything, I suggest dressing up as Big Bird from Sesame Street, and parading outside thier offices with a sandwich board that says 'My ISP suck dog saussies' until they find an answer....


good luck ....


--------------------
Smileys don't mean not destuctive and not vicious
Go to the top of the page
 
+Quote Post
Mr Fuzzy
post Oct 20 2003, 10:26 AM
Post #12


This space intentionally left blank
************

Group: Admin
Posts: 2,368
Joined: 30-March 03
From: Venta Belgarum
Member No.: 203
Gender: Male



QUOTE (Pab @ Oct 20 2003, 11:22 AM)
I would reccommend trying to talk with somebody WHO KNOWS WHAT THEY'RE DOING at your ISP, and find out what they are doing....

Hah! He'll be lucky - I think his ISP is NTL, and while they do have some competent people there, you need to spend quite some time and effort talking to people in a call centre (possibly orbiting Io) to get to them.

I'm on NTL myself, and haven't had similar problems. The only partucularly awkward thing I know of that they have set up is transparent proxy caching. You can read something about it here. I doubt that has anything to do with the question at hand though.


--------------------
We are at war with Eastasia. We have always been at war with Eastasia. We were never at war with Eurasia. Eurasia is our ally.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



Lo-Fi Version Time is now: 23rd October 2017 - 04:26 AM
Use these links if you're going to shop at Amazon and a percentage of what you spend goes towards helping this site!