Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Invalid TCP Options - can't find much info on the net, need help...

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » The DU Lounge Donate to DU
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 08:34 PM
Original message
Invalid TCP Options - can't find much info on the net, need help...
I had one attack overnight last night while the computer was sitting there idle. (okay, I was downloading a droopy dog cartoon at the time, but that was all... I thought nothing more of it, except that the Linksys firewall may be rubbish...)

But today? 4 attacks of this nature, all within a one hour timeframe, coming from sources such as pcworld.com and, get this, DU of all places!

:wow:

http://securityresponse.symantec.com/avcenter/nis_ids/sigs/invalid_tcp_options.html

Given that I did install a new hardware firewall yesterday, could it be perioically scrambling packet headers somehow? The h/w firewall is blissfully ignorant of these "invalid TCP options" supposed attacks yet Norton Internet Security is having a field day picking them up. I don't believe for one attosecond that any of these attacks are real attacks, despite Symantec claiming that false positives are impossible. Nothing is impossible. Only unexplained.

Or what's the chance the DSL modem is acting up? I know of a bug the Actiontec 1524 has (it locks up shortly after using UDP...) but I think that's a separate issue...

Thanks!
Printer Friendly | Permalink |  | Top
JaySherman Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 08:41 PM
Response to Original message
1. Try installing a second firewall
ZoneAlarm free would work. See what it tells you.
Printer Friendly | Permalink |  | Top
 
Nlighten1 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 08:51 PM
Response to Original message
2. Chances are it is nothing to worry about...
You can drive yourself crazy watching a firewall you know...
Printer Friendly | Permalink |  | Top
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 09:11 PM
Response to Reply #2
5. Hopefully...
I'll keep an eye open all the same. Norton never detected this stuff before... For the (now) 5 attacks today, I'm positive they're all falsies. (It's the Linksys h/w firewall isn't reporting anything of concern...)
Printer Friendly | Permalink |  | Top
 
Florida_Geek Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 08:53 PM
Response to Original message
3. I use BlackIce and it WAS good until the company got
brought out, but that another story.

These are major attacks I got just going to autobytel.

3/11/2004 7:07:56 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:43 PM, HTTP_GETargscript, autobytel.com, 2
3/11/2004 7:07:24 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:22 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:21 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:20 PM, HTTP_GETargscript, autobytel.com, 3
3/11/2004 7:07:18 PM, HTTP_GETargscript, autobytel.com, 3
3/11/2004 7:07:11 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:07 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:07:03 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:59 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:56 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:52 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:49 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:44 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:39 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:06:36 PM, HTTP_GETargscript, autobytel.com, 2
3/11/2004 7:05:43 PM, HTTP_GETargscript, autobytel.com, 2
3/11/2004 7:05:21 PM, HTTP_GETargscript, autobytel.com, 1
3/11/2004 7:04:32 PM, TCP_Probe_Other, YOUR-M3VEZYX8AF, 3
3
Printer Friendly | Permalink |  | Top
 
Deja Q Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 09:20 PM
Response to Reply #3
6. I've gone to their site and did a few car searches...
Then checked my logs. Nothing like what you'd posted had shown up at all.

I should search for a free firewall test...
Printer Friendly | Permalink |  | Top
 
jayfish Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Mar-11-04 09:09 PM
Response to Original message
4. If You Have An NT Based Version Of Windows...
try stopping the messenger service. These are probably ads coming by way of Windows Messenger (Not To Be Confused With MSN Messenger or any other chat program). The service is intended to show you system messages at the console or remote workstation but advertisers can us it to send you ads. I'm not sure if pop-up stoppers are much use against them. Your firewall may have messenger packets blocked by default and thats why your seeing the warnings. My .02

Jay
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Fri May 03rd 2024, 09:35 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » The DU Lounge Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC