Norton Internet Security Alert.

Hello Folks, From time to time my Norton Internet Security alerts me to a possible attack. It informs me that site 127.0.0.1 is trying to make contact. Further information refers to HTTP_ACRIVEPERL_OVERFLOW attack and that the the contact belongs to a computer on my local network therefore the is no information. I am not on a network. I would be obliged if anyone could enlighten me on this matter. Regards, William.

 

Hi, heres what Symantec (maker of Norton) says:

HTTP_ActivePerl_Overflow
Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Attack Category: Suspicious Activity

Anomalous network conditions or traffic patterns. A suspicious activity signature, for example, might detect two systems with identical IP addresses, a condition that indicates an attempted IP spoofing attack.

Description

Older versions of ActivePerl on Windows have a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code at the privilege level of the Web server process. This signature detects attempts to exploit the ActivePerl vulnerability through HTTP.

Links

CAN-2001-0815

BID 3526

Vulnerable Components

Activestate ActivePerl Version 5.6.1.629 and earlier on Windows

False Positive

This signature may not indicate malicious intent if ActivePerl versions other than those listed above are used or ActivePerl is not used at all. In this case, you can exclude this signature from monitoring.

Any help from that?

(BTW 127.0.0.1 is your Network Interface Card's loopback address.)

 

Hi. Zcorpio. Many thanks for your reply. It is somewhat hi tech for me. I would take it that I have not much to worry about. Regards, William.