ATTACKED IP from Google on TP
Dennis or others, My intrusion software just started getting hit, the past 2 days, from:
pagead2.googlesyndication.com(64.233.167.99) (http80).
Is anyone else seeing this?
I also show it's an attack by a computer on my network. I'm not networked, yet. With the conflicting info I am reluctant to disable the warning. I get warned every time I click on a topic or move to and from previous in the topic section. I am not too concerned about a malicious attack from TP but with the stuff happening I try to be very careful.
Is google just trying to see what I read or have you (Dennis) installed a new monitoring system?
TIA Harvey
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tractorpoint Operator Note:
Please DO NOT go out and install Symantec Internet Security 2005. Based on this report I made the fatal mistake of installing it on one of my backup machines that was working GREAT before the install. I am very &*%^*^(*^&&*^&* off at this point for doing what I intrinsically believed to be a mistake.
I was just trying to replicate Harvey's issue; now I have problems. I noticed during the install of the &^*&^*&^ SW that it was going in too many areas for my liking.
Now I am paying the price losing a lot of valuable data and time for *&*(&(*&*( darn it! Looks like I will be forced to rebuild the machine. BEWARE!!!!!!!
Dennis
ATTACKED IP from Google on TP
Dennis, I'm using Norton Internet Security. It updates daily.
The Security alert shows:
Intrusion: HTTP_ActivePerl_Overflow
Intruder: 0.0.0.0(3316)
Risk Level: Medium
Protocol: TCP.
Attacked IP: pagead2.googlesyndication.com(64.233.16...
Attacked Port:http(80)
I have looked at the scenarios and this could be a networked PC, but I do not have one. So it may be a computer trying to spoof the address.
Hell I don't know. I do wear glasses but I do not have a pocket protector yet! ;-0
The biggest RED FLAG is the address with part of an IP address.
I can call you or try to do this by e-mail. You have my e-mail address.
Thanks Dennis
ATTACKED IP from Google on TP
Dennis, more of the info...
© 1995-2005 Symantec Corporation.
All rights reserved.
HTTP_ActivePerl_Overflow
Severity: Medium
This attack could pose a moderate security threat. It does not require immediate action.
Attack Category: Suspicious Activity
Anomalous network conditions or traffic patterns. A suspicious activity signature, for example, might detect two systems with identical IP addresses, a condition that indicates an attempted IP spoofing attack.
Description
Older versions of ActivePerl on Windows have a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code at the privilege level of the Web server process. This signature detects attempts to exploit the ActivePerl vulnerability through HTTP.
Links
CAN-2001-0815
BID 3526
Vulnerable Components
Activestate ActivePerl Version 5.6.1.629 and earlier on Windows
False Positive
This signature may not indicate malicious intent if ActivePerl versions other than those listed above are used or ActivePerl is not used at all. In this case, you can exclude this signature from monitoring.
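An added example (not part of the thread and not Symantec's code): a small Python triage of the alert fields quoted above, separating a request sent out by this PC from an inbound attempt where the advisory's vulnerable-version check applies. The sample alert is constructed from the values posted in the thread; the function names and verdict labels are assumptions.

```python
import ipaddress
import re

# Constructed sample: field names and values as posted in the thread
# (the full address is taken from the first post).
ALERT = """\
Intrusion: HTTP_ActivePerl_Overflow
Intruder: 0.0.0.0(3316)
Risk Level: Medium
Protocol: TCP.
Attacked IP: pagead2.googlesyndication.com(64.233.167.99)
Attacked Port: http(80)
"""

VULNERABLE_MAX = (5, 6, 1, 629)  # "Version 5.6.1.629 and earlier" per the advisory


def parse_alert(text):
    """Split 'Key: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip().rstrip(".")
    return fields


def endpoint_ip(value):
    """Pull the dotted quad out of 'ip(port)' or 'host(ip)'."""
    return re.search(r"\d+\.\d+\.\d+\.\d+", value).group(0)


def is_local(addr):
    """True for unspecified, loopback or private addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_loopback or ip.is_private


def triage(text, local_activeperl=None):
    """local_activeperl: ActivePerl version on this PC, or None if absent."""
    f = parse_alert(text)
    src_local = is_local(endpoint_ip(f["Intruder"]))
    dst_local = is_local(endpoint_ip(f["Attacked IP"]))
    if src_local and not dst_local:
        return "outbound"  # this PC sent the request; it is not the target
    if local_activeperl is None:
        return "inbound-not-applicable"  # the advisory's False Positive case
    version = tuple(int(p) for p in local_activeperl.split("."))
    return "inbound-vulnerable" if version <= VULNERABLE_MAX else "inbound-not-applicable"
```

For the alert posted in the thread the result is `outbound`: the flagged traffic is a port-80 request from the local machine to the ad server, so the ActivePerl version check only matters for alerts where the attacked address is the local one.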
ATTACKED IP from Google on TP
The best that I can come up with is: Google at IP 64.233.167.99 is trying to follow any and all posts we view and/or their ad links.
It is frustrating that they are this persistent; however, I am going to keep them blocked.
3/16/200 was their first attempt at coming in the backdoor and they have been at it since on this site.
My software is set fairly secure so there are quite a few web sites that will not allow my visit.
Only very trusted sites will I allow cookies and/or their backdooring into my PC. Currently I have 242 addresses that are allowed in the backdoor; most of those are multiple pages from the same web. Maybe I need to spend some time today reviewing them...
I trust TP (Dennis) but I do not trust Google (backdooring me) even if they do have the best search engine.
ATTACKED IP from Google on TP
Dennis, I'm running Norton Internet Security 2004 updated to 2005.
Security is: on
personal FW: on
Intrusion Detection: on
(notify me when ID blocks connection box checked)
(auto block is: on)
Block Traffic is: on
Privacy control is: on (medium)
Ad blocking is: on (default)
Sorry to be a pain but these just started 3/16. Either my settings got changed at that update or Google has changed their operation at that point.
ATTACKED IP from Google on TP
Sorry, Dennis, about your misfortune. I've used Norton for several years. It has never let me down. I do agree it does get into many places I may not need it. However that's, in my opinion, a cost of having too many people with too much time on their hands to write malicious code.
The 2005 version has been on my PC for over 6 months now so it's not 2005. It could be a daily update but I doubt it. It has something to do with Google looking in.
Google is a fine company I am sure, I think it is the best engine out there. But why all of a sudden do they need to see what we are looking at here?
What is a good quality security software?
ATTACKED IP from Google on TP
I have just added Google to my unrestricted access file. Site works fine. I'll monitor that file also.
Also in regard to the ad blockers. The pop-ups are a bigger PITA than the having to allow traffic. I remember years ago seeing my task bar so filled up it took 5+ minutes to clear it from all the garbage.
It really gets boring listening to your "we're so small nobody bothers us."
Let's hope you guys running Apples and other operating systems get to the point where idle minds with creativity decide to start on someone besides MS. That would be a good thing. More SW developers having to design all new virus SW. Another whole new industry in the works.