Hi, does anybody know what this alert is about and how i can prevent them from being sent to me?
info from the security alert window:
Intrusion: HTTP MS IIS NTLM ASN1 BO
Intruder: 18.104.22.168(1353) - had many different addresses will list more i have manually blocked below.
Risk Level: High
Attacked IP: XXX.XXX.XX.XXX
Attacked Port: http(80).
Other addresses i have blocked include:
There are many more, they occur over different ports but i have recognised port 80 being used frequently. Im only asking here as the Symantec info page for HTTP MS IIS NTLM ASN1 BO found here: http://securityresponse.symantec.com/avcenter/nis_ids/s21141.html
says that it could pose a serious threat and i have had a problem the other week to do with Veritas Net Backup or something and dont want it to repeat any help would be greatly appreciated.
I could use an answer to this problem as soon as possible as i am going away on the 29th March.
Thanks for reading, if you need anymore information please post and i will try to supply.