Attempted Intrusion "MS ASN1 Integer Overflow TCP"
Posted by Sami on March 17th, 2006


Hello,

For the last couple of days I keep receiving the following annoying
message generated by my Norton Anti virus 2006:

Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your
machine was detected and blocked.
Intruder: 86.62.217.124(3477).
Risk Level: High.
Protocol: TCP.
Attacked Port: 139

I would appreciate any help getting rid of this annoying message that keeps
popping out like every minute!

Thank you,

Sami

Posted by Steven L Umbach on March 17th, 2006


I don't know exactly what the mumbo jumbo details mean but basically a
computer from the internet IP address 86.62.217.124 is trying to access a
share on your computer which uses port 139 TCP and 445 TCP for such. There
should be some setting in Norton that allows it to not bother you about such
messages in the future and if you cannot find that try posting in one of
the Norton/Symantec forums or maybe someone else here will have the details.

I would also suggest that you disable file and print sharing on your
computer if you have no need to share folders or printers with anyone by
going to Control Panel/network connections. Then go into the properties of
your network connection and uncheck file and print sharing. If you are using
cable or DSL I also strongly suggest that you get an "internet router" such
as one of the many offered by Linksys, Netgear, D-Link, and others at very
reasonable prices to be the first line of defense for your computer/network
and that also should make such messages go away as the internet router would
block those attempts in default configuration. --- Steve


"Sami" <Sami@discussions.microsoft.com> wrote in message
news:53008FE2-FF7F-4B59-877C-7328F3045D50@microsoft.com...


Posted by Panda_man on March 17th, 2006


My reply is at the bottom of your message:

"Sami" wrote:


Hello Sami!

This message is generated because a remote computer is trying to get into
your computer (which is bad as you can understand). Fortunately Norton is
doing its job and has blocked that attack. Bravo!

What you should do is to check in Norton settings really carefully if there
is a setting of turning off not the worm protection but the notification.

The other, which is the better one, I think. If you have Windows XP only.

So, if you have Windows XP, turn OFF Norton's internet worm protection
from its settings. Use the integrated firewall in Windows XP.
Windows XP has a firewall which is really good and is working automatically so
it will not bother you. Norton will only inform you at start up that
Norton's worm protection is off but don't worry.
Learn how to enable Windows XP's firewall. Make sure you set it to "Don't
allow exceptions"!
http://support.microsoft.com/default...b;en-us;283673

Learn how to protect your computer:
http://www.microsoft.com/protect


Do not hesitate to contact the Community again!

Panda_man
--
Prevention is always better than cure !
--
My web-site:
http://pandaman.my.contact.bg
Panda's free online scanner (check for ALL kind of threats)
http://www.activescan.com


Posted by Marpole Joel on March 18th, 2006


Good evening all,

I've been having the same challenge as 'Sami'. Symantec has suggested a
problem with 'an integer overflow in Microsoft's Abstract Syntax Notation 1' as
in the following link:
http://www.symantec.com.br/avcenter/...gs/s20409.html

I've taken the advice posted & it seems to work, however, is there a bug
with Microsoft's Abstract Syntax Notation 1 that needs to be addressed? & how
does one let MS know about it?

Have a nice evening...

Marpole Joel

"Steven L Umbach" wrote:

Posted by mike on March 18th, 2006


Hello all,
I have been having the same problem for the last 24 hours. However, when I
go to the web link you have posted, there is no fix for Windows XP SP2 Media
Center. The worm protection is doing its job and not allowing the intrusion
to go through. Any suggestions?

"Marpole Joel" wrote:

Posted by captain_mariah on April 28th, 2008


I have the same problem.

According to the website (
http://securityresponse.symantec.com...gs/s20409.html) users
are strongly advised to obtain fixes as soon as possible with a patch.

The only problem is there doesn't seem to be one for Microsoft Windows Vista
Home P. So, how do I fix it for the Vista program?

How come my computer suddenly is continuously attacked by this now every time
I go online? Can I prevent this from happening? Will the attacks disappear
after a while? (and I don't mean shutting the notifications down; will it
attack my computer for ever now?)

How do I prevent these kinds of attacks? Are there websites you should avoid at
all costs (forums, yahoo..and so on)?


"Sami" wrote:

Posted by MowGreen [MVP] on April 28th, 2008


Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/sec.../ms04-011.mspx

Neither XP SP2 nor Vista are listed under Affected software.
Nor are they listed on the Symantec page:
http://securityresponse.symantec.com...gs/s20409.html

HOWEVER, there are 3rd party softwares listed that *are* vulnerable and
are listed in the Symantec article. And, the version of NAV that is
installed is * outdated *.

*** The system is being attacked because * 3rd party * software is
vulnerable. ***
So, the question begs, have you kept *3rd party* software updated ?

For no-charge assistance with an exploited, compromised system:

" No charge support
• Call 1-866-PCSafety or 1-866-727-2338

This phone number is for virus and other security-related support. It is
available 24 hours a day for the U.S. and Canada. For phone numbers
outside of the U.S. and Canada, select your region.
http://support.microsoft.com/common/....aspx?rdpath=4 "



MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



captain_mariah wrote:

Posted by captain_mariah on May 4th, 2008


I am still getting attacked every time I go online. I have updated every
program I can think of, even *Third party*. However, I don't have so much
third-party software since almost all programs came with the computer when I
got it. I don't usually download programs, the only one I have downloaded
that I can think of is MSN Messenger. I used to have XP, could it be that I
have downloaded programs for XP into the Vista such as Office programs. Could
they be the weakness?

I have never had this program before, it is only now, since April, that I am
getting these attacks.

I keep getting messages like:

Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your
machine was detected and blocked.
Intruder: 90.235.156.52,3287
90.235.136.35,1808
90.235.150.119,3035
and so on..
Risk Level: High.
Traffic description: TCP, 3287

I also get portscans now and then. For example:

Intruder: 10.0.0.1, 53
Traffic description: UDP, 53

Please tell me, is there something I can do to avoid being attacked or stop
them from even trying to attack my computer when I am online?

There is no patch for this?

Getting desperate...






"MowGreen [MVP]" wrote:

Posted by MowGreen [MVP] on May 5th, 2008


http://www.dnsstuff.com/tools/whois.ch?ip=10.0.0.1
This IP address belongs to Internet Assigned Numbers Authority.

http://www.dnsstuff.com/tools/whois....35.136.35,1808
The above is an ISP in Sweden.
Is this your internet provider ?

*What* is telling you that the system is 'under attack', please ?

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
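
As an added example, not part of any post in this thread: a small Python triage script that reads alert text in the format quoted above, pulls out each intruder address and port, and separates private addresses such as 10.0.0.1 (typically a device on the local network) from public ones. The sample text is constructed, the "Portscan" signature name is an assumption, and grouping by /16 is only a rough way to see whether sources cluster in one provider's range.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample in this thread's alert format; "Portscan" is an assumed name.
SAMPLE_ALERTS = """\
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your machine
Intruder: 90.235.156.52,3287
90.235.136.35,1808
90.235.150.119,3035
Traffic description: TCP, 3287
Details: Attempted Intrusion "Portscan" against your machine
Intruder: 10.0.0.1, 53
Details: Attempted Intrusion "MS ASN1 Integer Overflow TCP" against your machine
Intruder: 86.62.217.124(3477).
Attacked Port: 139
"""

SIGNATURE = re.compile(r'Attempted Intrusion "([^"]+)"')
# Dotted quad followed by a port written as "ip,port", "ip, port" or "ip(port)".
ENDPOINT = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3})\s*[,(]\s*(\d{1,5})')

def parse_alerts(text):
    """Return (signature, ip, port, scope) for every intruder endpoint found."""
    events, signature = [], "unknown"
    for line in text.splitlines():
        match = SIGNATURE.search(line)
        if match:
            signature = match.group(1)
            continue
        for ip_text, port in ENDPOINT.findall(line):
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            scope = "private" if ip.is_private else "public"
            events.append((signature, str(ip), int(port), scope))
    return events

def summarise(events):
    """Count events per (signature, scope, /16 network); /16 is a rough grouping."""
    counts = defaultdict(int)
    for signature, ip, _port, scope in events:
        network = ipaddress.ip_network(ip + "/16", strict=False)
        counts[(signature, scope, str(network))] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, count in sorted(summarise(parse_alerts(SAMPLE_ALERTS)).items()):
        print(count, *key)
```
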


captain_mariah wrote:

Posted by etrange on May 6th, 2008


Sorry but I don't understand what the relation is between file and print sharing and
those alerts from Norton?

"Steven L Umbach" wrote:

Posted by captain_mariah on May 6th, 2008


Yes

Norton Antivirus

Posted by captain_mariah on May 6th, 2008


Yesterday I got new kinds of notifications of attacks from Norton:

MSRPC Malicious LSASS DS Request BO (2)
attacking computer: 90.235.158.84, 3249
Trafficdescription: TCP, 3249

MS RPC LSASS DS Oversize Request (TCP)
attacking computer: 90.235.161.105, 1895
Trafficdescription: TCP, 1895
What is this?
How do I prevent it?


Posted by MowGreen [MVP] on May 6th, 2008


1) Which Version of NAV ?
2) Is NAV part of a Symantec security suite that includes a firewall ?

3) * Is the system on a home network [eg. wireless or wired involving a
router] ? *

90.235.161.105 and 90.235.158.84 is your Internet Provider [IP]. It
appears that NAV is providing a False Positive [FP] concerning ICMP
requests from your IP or your IP is at fault for sending malformed ICMP
packets.
I'd bet on the former knowing how NAV functions.



MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



captain_mariah wrote:

Posted by etrange on May 7th, 2008


The same problem here with my ISP's IP addresses. NAV detects it as attacks.

1) Which Version of NAV ?
2) Is NAV part of a Symantec security suite that includes a firewall ?

3) * Is the system on a home network [eg. wireless or wired involving a
router] ? *

1. NAV 2008
2. No, standalone.
3. Yes

"MowGreen [MVP]" wrote:

Posted by MowGreen [MVP] on May 12th, 2008


Configure the router to block ALL ICMP pings or configure NAV to not
popup a warning when receiving ICMP pings from your ISP.
I'd do the *former* if it were my system.
Consult the Manual for the router or visit the router manufacturer's web
site to learn how this is done.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============


etrange wrote: