Attacks on my computer

  [DELETED] 20:59 21 Nov 2003

Over the last couple of weeks, my Norton Firewall software keeps reporting a "HTTP_Active Perl_Overflow" attack.
It always comes from an IP address which, I am told, belongs to a computer on my local network.

I am not connected to a network. Can anyone out there shed some light on what might be happening? Could it be a legitimate process which is being stopped by my Firewall for some reason?

Any help would be greatly appreciated.

  [DELETED] 22:46 21 Nov 2003

Is it an incoming or outgoing warning? And do you have active-perl installed on your machine?

It sounds like someone just scanning for an unchecked buffer in active-perl so they can manipulate an over-run to run code on your machine. If it's incoming and your firewall is picking it up then you have no reason to worry. If it's outgoing then there are various measures you can take to hunt down any dodgy programs on your machine. Start with Adaware and Spybot Search and Destroy; run these two programs and they will find most things. Run a full virus scan, then content yourself that you have a good firewall and relax.

  [DELETED] 23:06 21 Nov 2003

Read this thread click here is the B.T. Server looking to see if you are still connected. Nothing to worry about.

  [DELETED] 00:17 22 Nov 2003

horiz5 - What on earth is active perl? Seems to be an incoming. A virus scan was run automatically yesterday and reported no viruses.
However, I will get hold of adaware and spybot and see if they come up with anything. Will report in due course.

noddy 1 - No reason for BT to be involved. I am on Virgin broadband. I will read the link.

Thanks to you both for responding.

  [DELETED] 07:37 22 Nov 2003

is the loopback address of your own computer. Don't worry about it.

We all have it.

  Forum Editor 08:05 22 Nov 2003

There's nothing to worry about.

As you undoubtedly know, any computer on a network (and the Internet is just a vast network) is identified by an IP address which consists of four numbers separated by dots. Your IP address, which is usually dynamically assigned by your ISP each time you connect, enables your machine to be uniquely identified - if necessary you can be traced by it.

There is one address that cannot be used by any computer in the world however, and that address is The reason is that this IP number has been reserved as what is known as the loopback address. A loopback address tells the computer not to test its connections to another computer, but to test its own basic network setup.

Your question is an interesting example of the kind of concern that has arisen ever since personal firewalls became the rage - people see each contact as an 'attack', and worry about the consequences. The truth of course is that personal computers are almost never attacked, they have nothing worthy of a true hacker's time. If you were to be professionally attacked by a real hacker you probably wouldn't even know about it, and your firewall certainly wouldn't stop it. For some time now I haven't used a firewall, and I know of many other people who don't bother either. I'm not advocating that we all dump our firewalls and run naked into the world wide web, but consider the fact that until fairly recently nobody used them - we were all oblivious to the dozens of things that go bonk in the cyber night.

Let your firewall do what it does, and relax - the chances of your machine being attacked from out there are so slight as to be not worth worrying about.
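The loopback point made in the post above, as an added example that is not part of the original thread: a short Python triage that sorts firewall alerts by where their source address can live, so alerts sourced from the machine itself stand apart from remote ones. The log layout, the sample lines and the function names are constructed for illustration and are not Norton's format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts in an invented "date time signature direction
# source" layout (not Norton's real log format). 203.0.113.45 is a
# documentation address standing in for a remote Internet host.
SAMPLE_ALERTS = """\
2003-11-21 20:41 HTTP_Active Perl_Overflow inbound 127.0.0.1
2003-11-21 20:47 HTTP_Active Perl_Overflow inbound 127.0.0.1
2003-11-21 21:02 Port Scan inbound 203.0.113.45
2003-11-21 21:10 NetBIOS Probe inbound 192.168.0.12
2003-11-21 21:15 Port Scan inbound not-an-address
"""

LINE_RE = re.compile(r"^(\S+ \S+) (.+) (inbound|outbound) (\S+)$")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_scope(addr):
    """Classify an alert's source address by where such an address can live."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"           # malformed field: never guess
    if ip.is_loopback:             # 127.0.0.0/8 or ::1, i.e. this machine itself
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private-lan"       # a neighbour behind the same router
    return "remote"

def triage(log_text):
    """Count alerts per (signature, source scope); skip lines off the layout."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _when, signature, _direction, source = m.groups()
            counts[(signature, source_scope(source))] += 1
    return counts

def local_only_signatures(log_text):
    """Signatures seen only from loopback: check local software, not a remote host."""
    scopes = {}
    for signature, scope in triage(log_text):
        scopes.setdefault(signature, set()).add(scope)
    return {sig for sig, seen in scopes.items() if seen == {"loopback"}}

if __name__ == "__main__":
    print(dict(triage(SAMPLE_ALERTS)), local_only_signatures(SAMPLE_ALERTS))
```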

  Andsome 08:35 22 Nov 2003

With greatest respect, and I have no doubt that you and Gandalph know a lot more about computers than I ever will, I must question this theory that home computers will not be hacked. I appreciate the fact that ISPs will do periodic checks, but where do all the other attempts come from? Norton Personal Firewall allows tracking of hacking attempts. I can frequently go for days without any warnings, and then get several in one day. I certainly DO NOT worry about this as the firewall is doing its job. However I usually track them out of curiosity. Yesterday was a busy day, I had attacks from China of all places, Dallas, Santa Cruz in California, and Sicily. My ISP is NTL, and I'm sure that they don't try to access my computer from these places.

  [DELETED] 16:08 22 Nov 2003

Thank you everyone - I can relax! Not that I have any idea of loopbacks etc. However, I did notice that the alert came every time I went back to my home page on Virgin.

Andsome - I too have had attacks from such places as Montevideo, Uruguay and Ulm in Germany. Having tracked them, can we do anything else?

  Andsome 10:40 23 Nov 2003

I just ignore them; as far as I am concerned the firewall is doing its job. I only trace the attacks out of curiosity, not concern.

  [DELETED] 11:08 23 Nov 2003

When you are connected to the net you usually get the information from a series of routers and servers. If you contact Ebay UK for instance, you will not connect directly to their server. You will probably 'hop' along several. These can be and usually are in any country.

A good analogy is sending a letter from London to Glasgow. The letter does not directly go from the postbox to the goes to a sorting office (Mount Pleasant?), then to Birmingham, then to central depot, Glasgow, then to a district distribution office.

You will get more traffic from China and other countries as a) they are having routers and servers placed in them as it is a lot cheaper to run the infrastructure, and b) IT seems to be moving more Eastwards so expect Mumbai and all ports east to register highly. Santa Cruz is an important US node for net traffic as is Montevideo...the fact that both are crawling with 'I'll have to kill you if I tell you' US military bases is purely coincidental but they are damn fine chaps to let us piggy-back on their Crays click here ;-))

ALL lined broadband in the UK runs through BT, so even if you are using Virgin, Bulldog, Tiscali, Freeserve etc. you are a slave to BT. The only services, for the general public, that do not use BT are NTL and Telewest as they are cables (plus any other cablecos that have escaped me and the bankruptcy courts).

'I am not connected to a network'...maybe not at home but as soon as you connect to the net you are on a huuuuuuge network ;-)).

As I have wittered on before, I have removed firewalls from both home computers and many of my friends are doing the same. There is more chance of Rip Van Winkle's bedside reading light blowing a bulb than of being hacked at home and a quick scan of Astalavista, Attrition and the Cult of the Dead Cow will soon show why. There is a massive amount of rubbish talked about hacking which benefits certain security companies or lets their CEOs rabbit on and on, ad infinitum/nauseam, and shame on anyone that thinks I am referring to ZA. ;-))))

I do not advocate that everyone dumps firewalls.....yet. We have noticed some quite interesting events, sans firewalls, of which there will be more later. There is a marked increase in performance when not using a firewall.


This thread is now locked and can not be replied to.
