Hello,
I run the Notorns Program for protection on my computer!!! For the last week a person has been trying to hack into my "HTTP_IIS_ISAPI_EXTENTION
I'm told this attack could pose a serious security threat. That I  should take immediate action to stop any damage or prevent further damage from happening.
A wide range of exploits designed to interrupt basic network functions as opposed to stealing or modifying sensitive information. This signature detects attempts to overflow a buffer in the ISAPI extensions of the IIS server.
This signature detects large HTTP requests made to the .ida or .idq Internet Information Server (IIS) extensions. There is the potential for a buffer overflow in the idq.dll, which runs at the System security level, when handling URL requests. Once an attacker establishes a session on the web server and causes a buffer to overflow, he/she could perform virtually any function on that server.
Ok so now I done the search to find out what this is and I have found the ip adress and the location of where this person is but what I don't know is how do I report this person and who do I report them to???
Any information would be greatly appreciated.
This person continues to try to hack into me everytime I sign in this person tries to hack into this same HTTP
My nortons is of course detecting and blocking this person but it continues to happen. >:(
Thank you
Mary Lee

Hi Memmers,

I did a search on Google for HTTP_IIS_ISAPI_EXTENSION

To get to Google and the relevant pages type into your browser http://www.google.com/search?q=HTTP_IIS_IS...TENSION&num=100

[Select this address with your mouse and copy it, then paste it into your browser to save typing it all]!

It comes up with quite a few sites including some news from Norton!
One site has the info that you can use 'samspade' software to identify the ISP of the hacker. You can then complain to the ISP.
I use IDServe [freeware available at http://grc.com/id/idserve.htm] for the same purpose.
However, it is sometimes not possible to find the ISP, because the hacker uses proxies or for other reasons. The best solution seems to be to fit a hardware firewall and one of the sites Google came up with even had pictures showing how to do it. One site found the hacking started after playing a game on the web.
Best of luck, Bill.

Update.

I have a program [freeware] called slap.exe which can be used to send a message of your choice and/or a suitable wav file to the site which is hacking into your computer.
It integrates with ZoneAlarm 2.x / 3.x and BlackIce Defender and 2.x/3.5 and pops up as you are attacked and asks if you would like to 'slap' the offender.

Otherwise you enter the address of the site and choose how many times to 'slap' it.

You can choose the ports to cover.

The relevant webaddress for the software is http://www.securitysoftware.cc/apps.html

I got it from one of the links on page:::
http://ibd.ar.com/ger/comp/security/firewa...ls/content.html  [this is an interesting site in its own right].

Best regards, Bill.