Glad I found this site. I looked through the questions people posted and I don’t really see an answer for my question. So here it is
From thime to time (most recently 8/7/08 in the morning) I will get the following notice in my history (this is not the exact wording but close)
Attempted Intrusion "Portscan" against your machine was detected and blocked.
Risk Level: Medium.
Attacked IP: MY-PC.
Attacked Port: 52***
Of course I'm happy that this is blocked.
However later ( Last night) some Microsoft had some updates that required the computer to shut down and restart. So it restarted around 1:30am or so on its own.
We have the two account options on our computer- Admin and User. So when I woke up this morning the computer was on, but the screen showed that we had to “log in” under one of the two accounts. After logging in as user (which we always do), I checked on updates and all, and the Norton logs. Well the Norton Activity log showed the following in 'activity" for early early this morning.
Inbound UDP packet allowed.
Local address,service is (My-PC,601**).
Remote address,service is (192.168.0.1,domain(53)).
So I'm concerned that some how the Portscan intrusion now made its way on my comp.
I did a full system Norton scan and nothing showed except tracking cookies.. Also used SpyBot and nothing showed.
Now I know in my activity logs that Port Blocking allowed 192.168.0.1(8) happens all the time, for the last year, so I know thats not a problem. Just that the Portscan blocks appear to be the same as the UDP packet that was allowed. I use Norton Antivirus 2008. I have Vista Home Premium. And of course a DSL connection (anyone still on dial up??)
I appreciate any comments and help.