cebbigh said:
I went that route for a few years. Not bad but most people do not want to do manual updates of the software and manual run the programs.
Norton's shutdown my SatGuys connection due to possible "attack"?
- Thread starter waltinvt
- Start date
- Latest activity Latest activity:
- Replies 97
- Views 7K
- Status
I went that route for a few years. Not bad but most people do not want to do manual updates of the software and manual run the programs.
Well, it's only on Satguys and is the same message everyone else is getting. I am behind a couple firewalls and routers and I just redirected the request on my main router to a blackhole on my other router ( a cisco 1800 series).VIPERS-PIT said:
Plus if they were port scanning me, I should see traffice on my honey pot in the DMZ and I see nothing like that in the logs.
I use NIS for all the PC's on my home network as I don't konw what the kids and wife are up to all the time and like the pop ups to alert them to stuff they are doing.
Last edited:
Man - how do you guys know all this sh*t.
Anyway, Charper helped me out and I endup putting SayGuys on my exclusion site so I no longer get blocked out for 30 minutes. I still get the NIS alert pop-up for pages 3, 4 & 5 of that thread but at least I'm not blocked out.
So, would one of you smart guys take pity on this poor 'ol, techno-challenged soul and explain why certain threads that do this and also, is there any danger to my computor leaving SatGuys on the exclusion list.
Thanks
Anyway, Charper helped me out and I endup putting SayGuys on my exclusion site so I no longer get blocked out for 30 minutes. I still get the NIS alert pop-up for pages 3, 4 & 5 of that thread but at least I'm not blocked out.
So, would one of you smart guys take pity on this poor 'ol, techno-challenged soul and explain why certain threads that do this and also, is there any danger to my computor leaving SatGuys on the exclusion list.
Thanks
Walt's not the only one getting this, I just got one this evening:
Attempted Intrusion "ICC Profile TagData Overflow" against your machine was detected and blocked.
Intruder: www.satelliteguys.us(65.99.220.89)(http(80)).
Attempted Intrusion "ICC Profile TagData Overflow" against your machine was detected and blocked.
Intruder: www.satelliteguys.us(65.99.220.89)(http(80)).
I haven't received the warning since Friday and since Walt helped me fix NIS, I don't think I'll see it again. We'll see.
I got hit with this again whenever I went to the "New Look" thread at http://www.satelliteguys.us/showthread.php?t=71592
From the Symantec Security Response:
http://securityresponse.symantec.com/avcenter/attack_sigs/s21196.html
"ICC Profile data may possibly be embedded in various file formats, including JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some of these formats may not provide an attack vector, especially if Microsoft does not provide native support or does not call the vulnerable functionality when handling certain formats. Formats that may not be affected due to lack of native support are PDF, PICT, and PostScript, though this has not been confirmed.
Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user. This vulnerability could be exploited through a Web site that hosts a malicious document, by previewing or opening malicious content in email, or through other means that will allow an attacker to send the victim a malicious document."
Could it be that one of the pictures from all those adds has embedded ICC profile data?
BTW, this vulnerability was discovered on July 12. Symantec added it to their definition files shortly after that. Walt initial post was on July 16.
http://securityresponse.symantec.com/avcenter/attack_sigs/s21196.html
"ICC Profile data may possibly be embedded in various file formats, including JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some of these formats may not provide an attack vector, especially if Microsoft does not provide native support or does not call the vulnerable functionality when handling certain formats. Formats that may not be affected due to lack of native support are PDF, PICT, and PostScript, though this has not been confirmed.
Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user. This vulnerability could be exploited through a Web site that hosts a malicious document, by previewing or opening malicious content in email, or through other means that will allow an attacker to send the victim a malicious document."
Could it be that one of the pictures from all those adds has embedded ICC profile data?
BTW, this vulnerability was discovered on July 12. Symantec added it to their definition files shortly after that. Walt initial post was on July 16.
Last edited:
I guess it's clear now that it's not just my computer. What's not clear is why some with NIS experience the problem while others don't.
It might have something to do with those that have both been on SatGuys and also using NIS for a while (upgraded previous versions) versus those that, although on SatGuys a while, just recently installed NIS new for '06. Just speculating there.
BTW, has anyone that was getting the alert gotten it to stop after taking the Windows update? I didn't.
Even reconfiguring NIS to exclude this site didn't stop the alerts on the troublesome threads - it just stopped NIS from temporally restricting my access to the site.
Anyway, I guess the big question is are those of us configuring our NIS to "exclude" SatGuys "realistically" vulnerable to port invasion or not?
It might have something to do with those that have both been on SatGuys and also using NIS for a while (upgraded previous versions) versus those that, although on SatGuys a while, just recently installed NIS new for '06. Just speculating there.
BTW, has anyone that was getting the alert gotten it to stop after taking the Windows update? I didn't.
Even reconfiguring NIS to exclude this site didn't stop the alerts on the troublesome threads - it just stopped NIS from temporally restricting my access to the site.
Anyway, I guess the big question is are those of us configuring our NIS to "exclude" SatGuys "realistically" vulnerable to port invasion or not?
This is not to knock others choices, but personally, I refuse to ever have zonealarm on my computer again and I detest Computer Associates company in general (used to business with them)
I could also recommend that you check with your HSI provider, many offer free security packages as well. While I don't recommend 2 firewalls on the same PC or two virus scan programs, I do frequently use Spybot and Ad-Aware.
I could also recommend that you check with your HSI provider, many offer free security packages as well. While I don't recommend 2 firewalls on the same PC or two virus scan programs, I do frequently use Spybot and Ad-Aware.
Norton's consumer stuff has sucked for a long time. I still use their corporate edition AV client but none of their other stuff is allowed anywhere near any machine I am responsible for.
"I still use their corporate edition AV client "
I really like their Corporate Edition AV client, it's the best and that's all I use. I agree the home edition or NIS is horrible.
I really like their Corporate Edition AV client, it's the best and that's all I use. I agree the home edition or NIS is horrible.
I hopped on my son's Dimension to check out these threads since it has NIS 2006. It had no complaints. If I read the ICC exploit correctly, firewalls would not help since the additional code would be requested by the ICC-embedded exploit code, probably through your browser. XP's built-in firewall would only help if the exploiter tried to get back in to your machine, assuming the exploit didn't program an exception for itself...
I have been having that problem with the same threads too. I get the same error as all of you mentioned. I am using NIS 2006. I think it's something wrong with Norton.
2005 NIS, on 1 machine, Simular McAfee on other other 2 down with dead Master HDD's never had an issue...
- Status
