Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

trying to understand unused port blocking in the Norton products

I use NAV2008 which has the inbound "firewall"

I know it works because I frequently get the following type of message

 

Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 82.56.81.14,   80.

 

where I assume 80 is the port number

 

So NAV2008 blocked an inbound to port 80? Isn't port 80 needed for accessing the internet?

dbrisendine
Posts: 5,562
Kudos: 1,282
Solutions: 263
Registered: ‎10-06-2008

Re: trying to understand unused port blocking in the Norton products

This has been explained to you so many times I figured you would be posting it by now. 

 

Your INBOUND port blocking selectively blocks unsolicited traffic. In this case, this traffic was examined and found that a) it was not one of the allowed unsolicited Inbound communication protocols and b) was not a reply to something sent out from your system. After this was examined and found to be in compliance with the rules above, it was blocked.

Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: trying to understand unused port blocking in the Norton products

Thanks and sorry everyone. I don't do this because I find it fun to annoy everyone, just trying to learn and understand so that I'm able to let go and let Norton do its job.

 

So it's part of the if my browser sent out the request to, say, IP 123.45.67 and a return came back on port 80 from 123.45.67, it's cool.

But if, say, IP 987.65.43 tried to inbound connect to port 80, Norton says hey, no request was sent out to 987.65.43, so BLOCKED.

 

Is that process similar to the SPI (stateful packet inspection) that some routers have?

 

 

dbrisendine
Posts: 5,562
Kudos: 1,282
Solutions: 263
Registered: ‎10-06-2008

Re: trying to understand unused port blocking in the Norton products

You are correct, and SPI is much more detailed than what you have in NAV08 but along the same lines.
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: trying to understand unused port blocking in the Norton products

Thanks Dbris
Regular Contributor
NY1986
Posts: 1,173
Registered: ‎06-27-2008

Re: trying to understand unused port blocking in the Norton products

So if I have a dynamic IP address from my ISP, let's say 123.45.567.89. Then I turn off my computer and disconnect from the internet.

Then when I reboot after a day and reconnect to the internet, my ISP gives me another IP address, say 125.67.89.123.

1. So this new address was held by someone else before, right?

2. What if the previous owner of that address (125.67.89.123) allowed another IP address (89.765.342.112) to access, say, port 3389?

So would it be likely that the 89.765.342.112 address would try to connect to my machine, since I am now holding the previous address (125.67.89.123) it was allowed to connect with before?

delphinium
Posts: 9,680
Kudos: 2,856
Solutions: 283
Registered: ‎11-21-2008

Re: trying to understand unused port blocking in the Norton products

First, keep in mind that the IP address is only one layer of identification. Before that is the subnet. Your service provider is entitled to a subnet that might comprise several different number series; the IP address can be rotated among several subnets. So the subnet number would have to match, the ISP address would have to match, the MAC address of the router and the user name. All of which are layers of identification. If identification fails at any of those points, the information packets are dropped. Which means they are not answered, or blocked.
Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
dbrisendine
Posts: 5,562
Kudos: 1,282
Solutions: 263
Registered: ‎10-06-2008

Re: trying to understand unused port blocking in the Norton products


Add this along with delphinium's multilayered masking and you get some of the general workings of IP addressing. 

 

 

No, because the addressing used to direct information through a network as large as the internet uses more addresses than just your local machine's IP. This information request package would include the addressed (where to ask for information; called the destination [or server]) and the addressee (the requester of the information; called the source [or client]). At the information processor [the server], the package is transformed from a request to a reply; the requested information is encoded into the Ethernet package and the package addressing is changed with the source and destination being switched. When this is received at your machine, a Stateful Packet Inspector looks at the package and sees the correct addresses, protocol and message format. Some SPI will actually 'remember' what was allowed outbound so when something wants inbound, the SPI has a small database to match the request to. If all the inspections match properly, then and only then is the Ethernet package allowed into the internal datastream.

 

Does this help any?

Message Edited by dbrisendine on 06-10-2009 12:55 AM
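
The reply matching discussed in this thread, as an added sketch that is not part of the original posts and is not Norton's code: a toy state table that records outbound flows and allows inbound traffic only when it mirrors one of them. The class and function names, the 60-second idle timeout and all addresses (documentation ranges) are assumptions made for the illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Toy inbound filter: allow replies to tracked outbound flows, block the rest."""

    def __init__(self, local_ip, allowed_services=(), idle_timeout=60.0):
        self.local_ip = local_ip
        self.allowed_services = set(allowed_services)  # {(proto, local_port)}
        self.idle_timeout = idle_timeout               # assumed value, in seconds
        self.flows = {}  # (proto, local_port, remote_ip, remote_port) -> last seen

    def outbound(self, pkt, now):
        # Remember the flow so its mirrored reply can be recognised later.
        self.flows[(pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now

    def inbound(self, pkt, now):
        # A genuine reply has source and destination swapped relative to the request.
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= self.idle_timeout:
            self.flows[key] = now
            return "ALLOW reply"
        self.flows.pop(key, None)  # drop an expired entry, if there was one
        if (pkt.proto, pkt.dst_port) in self.allowed_services:
            return "ALLOW service"
        return "BLOCK unsolicited"

def demo():
    me, web, stranger = "203.0.113.10", "198.51.100.7", "192.0.2.99"  # constructed
    fw = StatefulFilter(me)
    fw.outbound(Packet("tcp", me, 50000, web, 80), now=0)
    results = [
        fw.inbound(Packet("tcp", web, 80, me, 50000), now=1),       # reply to our request
        fw.inbound(Packet("tcp", stranger, 40000, me, 80), now=2),  # nobody asked for this
        fw.inbound(Packet("tcp", web, 80, me, 50000), now=500),     # flow idle too long
    ]
    # Address reassigned: the new holder starts with an empty table, so a peer the
    # previous holder dealt with (here on port 3389) matches nothing.
    new_holder = StatefulFilter(me)
    results.append(new_holder.inbound(Packet("tcp", web, 41000, me, 3389), now=600))
    return results

if __name__ == "__main__":
    print(demo())
```

The second verdict corresponds to the "Unused port blocking" message quoted in the first post: an inbound TCP connection to local port 80 with no matching outbound flow and no allowed service on that port.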