| Author |
 Topic  |
|
Stevensan
Starting Member
38 Posts |
 Posted - 01 November 2007 : 20:51:30
|
| Well then. Thanks for the support of you guys my network administrator has not gotten back to me with my questions on the intrusion detection system. :) |
Snitz Forum 3.4 + PM + Poll + Avatar + Message Icon + Gender + Hover Color + CellBGImage + Additional Smilies + ActiveUser Mod |
 |
|
|
Stevensan
Starting Member
38 Posts |
Posted - 08 November 2007 : 20:16:33
|
Can anyone advise me on this? What should i do? I was informed by my network administrator of this security vulunerability. The details are as follows:
HTML_Hostname_Overflow alert detected on Forum.asp
Time: 2007-11-05 00:56:37 GMT
Tag Name: HTML_Hostname_Overflow
Event Count: 1 (Total of 19 count)
Severity: High
Source IP: xx.xx.xx.aa
Target IP: xx.xx.xx.bb (4 different Target IP detected)
Server: Intranet.xxxx
Packet SourcePort: 80
Packet DestinationPort: 1210 (Other includes 1858, 1053, 1230, 1229, 2080)
protocol: http
accessed: yes
URL: /FORUM/topic.asp
URI: http://www...arghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
|
Snitz Forum 3.4 + PM + Poll + Avatar + Message Icon + Gender + Hover Color + CellBGImage + Additional Smilies + ActiveUser Mod |
|
|
|
weeweeslap
Senior Member
USA
1077 Posts |
Posted - 08 November 2007 : 20:23:33
|
| that's not a vulnerability imo, his detection system is just whack. |
coaster crazy |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Stevensan
Starting Member
38 Posts |
Posted - 11 November 2007 : 20:37:01
|
I was bombarded with the document below. -_- so my answer to my network guy would be.
<<You need to upgrade your detection system and based on the content of the post no harm is done.>>
Microsoft Internet Explorer URL buffer overflow (HTML_Hostname_Overflow)
About this signature or vulnerability
Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network MFS, Proventia Server IPS for Linux, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Agent for Server, BlackICE Server Protection, Proventia Server IPS for Windows:
This signature detects a malicious web page with a very long hostname.
Default risk level
High
..... so on and so forth...
|
Snitz Forum 3.4 + PM + Poll + Avatar + Message Icon + Gender + Hover Color + CellBGImage + Additional Smilies + ActiveUser Mod |
Edited by - Stevensan on 11 November 2007 20:37:40 |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 12 November 2007 : 09:35:15
|
| erm - to my knowledge a well service-packed IIS is safe against overflows - I can see how they saw the arghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh...etc as an attemnpt at a padded post to push for a buffer overflow though. |
|
|
|
Stevensan
Starting Member
38 Posts |
Posted - 14 November 2007 : 02:10:11
|
| Thanks for the advise. As long as its not a bug its fine with me. I better upgrade and learn more about all the server stuff... I see more trash coming... |
Snitz Forum 3.4 + PM + Poll + Avatar + Message Icon + Gender + Hover Color + CellBGImage + Additional Smilies + ActiveUser Mod |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 14 November 2007 : 08:28:31
|
Keep us posted if you do get any more 'trash' - you never can tell when something you experience may be a vital clue in a bigger puzzle/whatever!
Thanks :-) |
|
|
|
Topic |
|
Topic Locked
