
Intrusion reported, but why?

Posted on 2005-03-19
Last Modified: 2013-12-04
Hello:

I am running Windows XP Pro.

Norton Internet Security 2005 reported this error several times at the same site on my machine.  

Attempted Intrusion "MSIE_File_Drag_and_Drop_Embed_Code" against your machine was detected and blocked.
Intruder: my.domain.com(xx.xx.xx.xxx)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: 0.0.0.0.
Attacked Port: 2011.

Now, I have a special concern about this because I actually created the files at that website and it's mostly plain vanilla html with drop down menus made using my software suite. There are 4 files that use php to create a small database and this database is used in only one area of the site. When surfing to this site, the home page comes up, but then the pattern becomes erratic. If I click on the starting page for the dynamic pages, that also comes up, but the pursuant files do not. After that, the rest of the site (html files) will not display either.

I called Symantec and spent 2 hours with them today. They are now "researching" this issue and will call me back tomorrow.  They did duplicate the problem. If I turn the Internet Security off the entire site displays just fine.  There is really nothing particularly unusual about this site.  It has been functioning well since it was installed on the server.  I'm not certain how long this has been going on, but a search for this problem brought me to this page:

http://www.symantec.com/avcenter/security/Content/2005.02.14.html which states that on Feb 14 some update addressed the issue of MSIE_File_Drag_and_Drop_Embed_Code. I wonder if that is when the issue actually began.

I've called the web host for the site and he cannot identify anything at all wrong with the site.  I'm not certain what could be tripping this intrusion report but the bottom line is that I fear that a substantial number of people may have difficulty viewing the site and I don't know what to do.  I don't know what this is referring to.  There are no files to drag and drop on this site.  I do have a couple of links to .pdf files on some pages, and outbound links to other sites too, but as I said, it's all been working just fine up until now for a long time.  

I found some further information that is difficult for me to understand, yet I believe may be related, at this page:  http://www.sans.org/newsletters/risk/vol3_33.php

How can I fix something when I don't know what's causing the issue?!!  Help!!  I am responsible for making this website work properly.



I have NO problems whatsoever with other pages on the net on this system.  
Question by:linque
2 Comments
 

Accepted Solution

by:
Phil_Agcaoili earned 2000 total points
ID: 13606242
Not to trivialize your issue, but there are quite a few IDS/IPS signatures that are written very poorly...

This one sounds like a false-positive, but since you alerted Symantec to the problem they will probably also corroborate my opinion and come up with an update.

They do not provide any further information on the details of this signature and I'm guessing that this alert was meant to detect when Websites are either depositing files to your system (e.g. Open, Save, etc. dialogue windows) or that an embedded Web function called a file to be read.

Regardless, this is probably a false-positive and I would ignore the alert until Symantec fixes it or states that it's a bogus alert and to simply ignore it.
 

Author Comment

by:linque
ID: 13606452
Hi

Yup, they have been working with me. I've been passed to the software development and research team. It's frustrating and they move a bit slowly, but in the end they are trying to be helpful both to me and to themselves. Thank you for your thoughtful opinion.