• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Hello. On security history, I saw an entry that Web Attack: Exploit Toolkit Website 33 was blocked. The thing is, the "Attacking Computer" was OUR OWN COMPUTER.  What does this mean? Why would Norton block something from our own computer? What can I do? Here's the entry...

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/22/2013 5:51:13 PM,High,An intrusion attempt by DENNIS-HP was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"DENNIS-HP (192.168.1.64, 59298)",ekranie.bubbybear.com:801/talent-erosion_register.php,"91.231.86.26, 801",192.168.1.64 (192.168.1.64),"TCP, Port 59298"

We just recently installed a wireless modem. Could that have something to do with it?


Thanks. 

Replies

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Hello. On security history, I saw an entry that Web Attack: Exploit Toolkit Website 33 was blocked. The thing is, the "Attacking Computer" was OUR OWN COMPUTER.  What does this mean? Why would Norton block something from our own computer? What can I do? Here's the entry...

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/22/2013 5:51:13 PM,High,An intrusion attempt by DENNIS-HP was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"DENNIS-HP (192.168.1.64, 59298)",ekranie.bubbybear.com:801/talent-erosion_register.php,"91.231.86.26, 801",192.168.1.64 (192.168.1.64),"TCP, Port 59298"

We just recently installed a wireless modem. Could that have something to do with it?


Thanks. 

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Hi caleb89sw

Does the attacking computer have any security software if it does what is it?

Is the attacking computer connected to the web?

ATB

intesec

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

We only have one computer. The only security software I know of is Norton. Yes, it's connected to the web.

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."?  Norton will normally show your computer as the attacking computer if the attack came by way of one of the programs on your PC, such as your browser.  This does not mean that your computer actually launched the attack.  I am a little concerned however, since you seem to be reporting a lot of intrusion attempts lately. 

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Hi caleb89sw

Can you post and explain how you got this information then I can check what I have from my intrusion alerts?

ATB

intesec

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."?

I'm sorry. I don't understand. Where do I find that?

I apologize if I freaked out a little or if i've been posting a lot about blocked attacks. I haven't noticed many intrusion attempts in the history for a while, though.

@intesec

I just copied the entry in the security history, then copied it here.

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33


caleb89sw wrote:

Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."?

I'm sorry. I don't understand. Where do I find that?


Should be right below where you found the information you already posted.

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Ok, I got it. It said "Network Traffic from ekranie.bubbybear.com:801/talent-erosion_register.php matches signiture of a known attack" and it said it originated from Internet Explorer.
 

Accepted Solution
Kudos1

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Yeah, it sounds like you browsed to a website that had been compromised.  The attack came from the website through Internet Explorer and was blocked by Norton.

Kudos0

Re: PLEASE HELP! Web Attack: Exploit Toolkit Website 33

Ok. Thanks for your help.

Replies are locked for this thread.