Hello. On security history, I saw an entry that Web Attack: Exploit Toolkit Website 33 was blocked. The thing is, the "Attacking Computer" was OUR OWN COMPUTER. What does this mean? Why would Norton block something from our own computer? What can I do? Here's the entry...
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/22/2013 5:51:13 PM,High,An intrusion attempt by DENNIS-HP was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"DENNIS-HP (192.168.1.64, 59298)",ekranie.bubbybear.com:801/talent-erosion_register.php,"91.231.86.26, 801",192.168.1.64 (192.168.1.64),"TCP, Port 59298"
We just recently installed a wireless modem. Could that have something to do with it?
Thanks.
We only have one computer. The only security software I know of is Norton. Yes, it's connected to the web.
Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."? Norton will normally show your computer as the attacking computer if the attack came by way of one of the programs on your PC, such as your browser. This does not mean that your computer actually launched the attack. I am a little concerned however, since you seem to be reporting a lot of intrusion attempts lately.
Hello. On security history, I saw an entry that Web Attack: Exploit Toolkit Website 33 was blocked. The thing is, the "Attacking Computer" was OUR OWN COMPUTER. What does this mean? Why would Norton block something from our own computer? What can I do? Here's the entry...
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/22/2013 5:51:13 PM,High,An intrusion attempt by DENNIS-HP was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"DENNIS-HP (192.168.1.64, 59298)",ekranie.bubbybear.com:801/talent-erosion_register.php,"91.231.86.26, 801",192.168.1.64 (192.168.1.64),"TCP, Port 59298"
We just recently installed a wireless modem. Could that have something to do with it?
Thanks.
Hi caleb89sw
Can you post and explain how you got this information then I can check what I have from my intrusion alerts?
ATB
intesec
Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."?
I'm sorry. I don't understand. Where do I find that?
I apologize if I freaked out a little or if i've been posting a lot about blocked attacks. I haven't noticed many intrusion attempts in the history for a while, though.
@intesec
I just copied the entry in the security history, then copied it here.
caleb89sw wrote:
Can you post the description that appears under the information you provided, that states "Network traffic from ____ matches..."?
I'm sorry. I don't understand. Where do I find that?
Should be right below where you found the information you already posted.
Ok, I got it. It said "Network Traffic from ekranie.bubbybear.com:801/talent-erosion_register.php matches signiture of a known attack" and it said it originated from Internet Explorer.
Yeah, it sounds like you browsed to a website that had been compromised. The attack came from the website through Internet Explorer and was blocked by Norton.
Ok. Thanks for your help.