Symanec Protection Suites

 View Only
Back to discussions
Expand all | Collapse all

Norton Firewall>Vulnerability blocked>"HTTP Blackhole toolkit activity"

  • 1.  Norton Firewall>Vulnerability blocked>"HTTP Blackhole toolkit activity"

    Posted Jun 22, 2011 12:52 PM
      |   view attached

     

    Mac OS X 10.6.7

     

    Just this morning, Norton Firewall popped up a "Vulnerability blocked" message listing "HTTP Blackhole toolkit Activity" as the blocked vulnerability, the Direction as "Outgoing," both the Remote address and Host as: 195.14.112.36, which ARIN identifies as the RIPE Network Coordination Centre (RIPE), the Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia. It is headquartered in Amsterdam, The Netherlands.

     

    Blocking RIPENCC would block all net access to Europe, the Middle East and parts of Central Asia, which is pretty drastic, and I'd rather not do it (though it would certainly cut down on spam considerably).

     

    Also, does this "Blackhole toolkit" have anything to do with "Blackhole RAT," discussed on several security blogs?

     

    What can I do about this, or am I worrying for nothing?

     

    Thanks!

     

    Bart Brown



  • 2.  RE: Norton Firewall>Vulnerability blocked>"HTTP Blackhole toolkit activity"

    Posted Jun 30, 2011 11:44 AM

    There is a chance you may have an infection That IP (195.14.112.36) is known for malicious activity. Download the latest definitions and run a full scan.

     

    FYI, you may want to post this in the Norton Community as well. There are experts there with Norton on Mac OS.

    http://community.norton.com/norton/