Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Norton Firewall>Vulnerability blocked>"HTTP Blackhole toolkit activity"

Created: 22 Jun 2011 | 1 comment

Mac OS X 10.6.7

Just this morning, Norton Firewall popped up a "Vulnerability blocked" message listing "HTTP Blackhole toolkit Activity" as the blocked vulnerability, the Direction as "Outgoing," both the Remote address and Host as: 195.14.112.36, which ARIN identifies as the RIPE Network Coordination Centre (RIPE), the Réseaux IP Européens Network Coordination Centre (RIPE NCC) is the Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia. It is headquartered in Amsterdam, The Netherlands.

Blocking RIPENCC would block all net access to Europe, the Middle East and parts of Central Asia, which is pretty drastic, and I'd rather not do it (though it would certainly cut down on spam considerably).

Also, does this "Blackhole toolkit" have anything to do with "Blackhole RAT," discussed on several security blogs?

What can I do about this, or am I worrying for nothing?

Thanks!

Bart Brown

Comments 1 CommentJump to latest comment

Thomas K's picture

There is a chance you may have an infection That IP (195.14.112.36) is known for malicious activity. Download the latest definitions and run a full scan.

FYI, you may want to post this in the Norton Community as well. There are experts there with Norton on Mac OS.

http://community.norton.com/norton/