OT Norton warning of security attack from this site?

R100RT

This probably doesn't mean a thing but..

Details: Attempted Intrusion "MSSQL_Null_Packet_DoS" against your machine was detected and blocked
Intruder: forums.stangnet.com(67.32.57.2)(http(80))
Risk Level: Low
Protocol: TCP
Attacked IP: YPJAHPZO(208.25.55.9).
Attacked Port: ms-sql-s(1433)

Click on the address to trace the attacker
You can get detailed information about this attack at Symantec Security Response

This has happened twice now. No other sites I visit have triggered Norton's blocking action. If this is a FALSE alert, please let me know.
 


I recently started running the ZoneAlarm firewall because I was getting a trojan horse virus daily, generally more than once a day; I think it was either from stangnet or somehow through AIM. Anyway, ZoneAlarm pops up w/ "Protected" alerts quite often saying that it blocked an intrusion on such and such port. I haven't had a virus since installing ZoneAlarm.

I use AVG virus scan (it's free) and I would suggest everyone scan their system frequently if you don't already.
 
Haven't researched this... but I think it could be "advertisement" based... also, many viruses are aimed/written toward SQL, stangnet could have a virus problem..
 
This is the report from the first intrusion incident:
I suggest you take a look at the site the attack is coming from. The attacking site's physical address traces back to 575 Morsogo Drive, Atlanta, GA; the ISP is Bellsouth.net
Perhaps someone is using the site server to launch attacks from. Once again, I surf many other sites, none of which Norton has reacted to. I am not positive as I have no experience in this matter. I only want to notify those that do have experience and who can say that this is normal for the site to send this type of data.

Details: Attempted Intrusion "MSSQL_Null_Packet_DoS" against your machine was detected and blocked
Intruder: forums.stangnet.com(67.32.57.2)(http(80))
Risk Level: Low
Protocol: TCP
Attacked IP: 208.25.60.86.
Attacked Port: ms-sql-s(1433)

Click on the address to trace the attacker
You can get detailed information about this attack at Symantec Security Response
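A triage check for alerts like the two quoted above, as an added example that is not part of the thread: it parses the alert text and flags the case where the source port is a web server port and the destination port falls in a client ephemeral range, which is what reply traffic to a browser looks like. The port range (1025-5000, the legacy Windows default), the function names and the labels are assumptions, and the result is a hint for further checking, not a verdict on these alerts.

```python
import re

# Constructed sample: the fields of the two Norton alerts quoted in the thread.
ALERTS = """\
Details: Attempted Intrusion "MSSQL_Null_Packet_DoS" against your machine was detected and blocked
Intruder: forums.stangnet.com(67.32.57.2)(http(80))
Protocol: TCP
Attacked IP: YPJAHPZO(208.25.55.9).
Attacked Port: ms-sql-s(1433)

Details: Attempted Intrusion "MSSQL_Null_Packet_DoS" against your machine was detected and blocked
Intruder: forums.stangnet.com(67.32.57.2)(http(80))
Protocol: TCP
Attacked IP: 208.25.60.86.
Attacked Port: ms-sql-s(1433)
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# Assumption: legacy Windows default ephemeral (client-side) port range.
EPHEMERAL_PORTS = range(1025, 5001)
# Assumption: server ports a browser session normally receives replies from.
WEB_SERVER_PORTS = {80, 443}

def parse_alerts(text):
    """Turn blank-line-separated alert blocks into dicts of typed fields."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        src = re.search(rf"\(({IPV4})\)\(\w+\((\d+)\)\)", f["Intruder"])
        alerts.append({
            "signature": re.search(r'"([^"]+)"', f["Details"]).group(1),
            "src_ip": src.group(1),
            "src_port": int(src.group(2)),
            "dst_ip": re.search(IPV4, f["Attacked IP"]).group(0),
            "dst_port": int(re.search(r"\((\d+)\)", f["Attacked Port"]).group(1)),
            "protocol": f["Protocol"],
        })
    return alerts

def triage(alert):
    """Hint only: does the port pair look like a reply to an outbound web request?"""
    if alert["src_port"] in WEB_SERVER_PORTS and alert["dst_port"] in EPHEMERAL_PORTS:
        return "possible-reply-traffic"
    return "unsolicited-inbound"

if __name__ == "__main__":
    for a in parse_alerts(ALERTS):
        print(a["src_ip"], a["src_port"], "->", a["dst_ip"], a["dst_port"], triage(a))
```

A "possible-reply-traffic" result is a prompt to check whether the browser had an open connection to that server from that local port at the time of the alert.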
 
You are behind a NAT device. This is a device that lets multiple devices access the internet or another network (Linksys router, Netgear, etc.). When the device takes information in (or "packets"), it will take it and send it off to your local machine. During this process the information, or "packet", can be malformed. Once this packet reaches your system, your firewall looks at it and says "I don't know this type of packet" and flags it as malicious. If you were to hook your computer up directly to your cable/DSL modem, you will most likely not experience this.

In this case it is flagged as a "DoS attack". A Denial of Service attack is many packets sent to a machine/server that are large in size for the purpose of flooding a system until it cannot take any more requests... People a long time ago (when firewalls and other devices were not so great at preventing this) would get together on IRC (Internet Relay Chat) in the masses and send DoS attacks to a specific site to take it down. If I remember correctly this happened to Yahoo.. and some viruses are also aimed to send attacks to certain sites on specific dates. I forgot the virus, but last year there was one that aimed toward windowsupdate.microsoft.com. They failed, however.

hope this clears some things up for you guys...

-Adam
 
Although Google uses a spider, it should not be following you to your IP. It is just supposed to search the site for current information, to update the search engine. Someone can try to attack from here, especially if you are set to receive emails; all they need to do is click your profile and attempt to send you an email, get your IP, and mess with ya....... I myself wouldn't receive emails, just let the PM system do its thing........... just my .02 hotwheels of turborides