06-05-2009 06:17 AM
I use NAV2008 which has the inbound "firewall"
I know it works because I frequently get the following type of message:
Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 82.56.81.14, 80.
where I assume 80 is the port number
So NAV2008 blocked an inbound to port 80? Isn't port 80 needed for accessing the internet?
06-05-2009 06:27 AM
This has been explained to you so many times I figured you would be posting it by now.
Your INBOUND port blocking selectively blocks unsolicited traffic. In this case, this traffic was examined and found that a) it was not one of the allowed unsolicited Inbound communication protocols and b) was not a reply to something sent out from your system. After examining this and found to be in compliance with the rules above, it was blocked.
06-05-2009 06:31 AM
Thanks and sorry everyone. I don't do this because I find it fun to annoy everyone, just trying to learn and understand so that I'm able to let go and let Norton do its job.
So it's part of the if my browser sent out the request to say IP 123.45.67 and a return came back on port 80 from 123.45.67 it's cool.
But if say IP 987.65.43 tried to inbound connect to port 80, Norton says hey, no request was sent out to 987.65.43 so BLOCKED
Is that process similar to the SPI (stateful packet inspection) that some routers have?
06-05-2009 06:34 AM
06-05-2009 06:36 AM
06-09-2009 09:21 PM
So if I have a dynamic IP address from my ISP, let's say 123.45.567.89. Then I turn off my computer and disconnect from the internet
Then when I reboot after a day and reconnect to the internet my ISP gives me another IP address say 125.67.89.123,
1. So this new address was held by someone else before, right?
2. What if the previous owner of that address (125.67.89.123) allowed another IP address (89.765.342.112) to access say port 3389.
So would it be likely that the 89.765.342.112 address tries to connect to my machine since I am now holding the previous address (125.67.89.123) it was allowed to connect with before?
06-09-2009 09:41 PM
06-09-2009 09:52 PM - edited 06-09-2009 09:55 PM
Add this along with delphinium's multilayered masking and you get some of the general workings of IP addressing.
No, because the addressing used to direct information through a network as large as the internet uses more addresses than just your local machine's IP. This information request package would include the addressed (where to ask for information; called the destination [or server]) and the addressee (the requester of the information; called the source [or client]). At the information processor [the server], the package is transformed from a request to a reply; the requested information is encoded into the Ethernet package and the package addressing is changed with the source and destination being switched. When this is received at your machine, a Stateful Packet Inspector looks at the package and sees the correct addresses, protocol and message format. Some SPI will actually 'remember' what was allowed outbound so when something wants inbound, the SPI has a small database to match the request to. If all the inspections match properly, then and only then is the Ethernet package allowed into the internal datastream.
Does this help any?
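
Added example, not part of the original thread and not Norton's or any router's code: a toy connection-tracking table showing the "remember what was allowed outbound" check described above, plus the dynamic-IP question. The class and function names and all IP addresses (documentation ranges) are constructed for illustration, and the simplification that allow rules are per-port and stored on each host's own firewall is an assumption of the sketch.

```python
# Toy stateful filter: inbound TCP is allowed only if it answers a recorded
# outbound flow or targets a port the local user explicitly opened.
from typing import NamedTuple

class Flow(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

class StatefulFilter:
    """Hypothetical model of an SPI state table plus an open-port list."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)  # allowed unsolicited inbound services
        self.table = set()                 # flows this host sent out

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        self.table.add(Flow(local_ip, local_port, remote_ip, remote_port))

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        # A reply is the outbound flow with source and destination switched.
        if Flow(dst_ip, dst_port, src_ip, src_port) in self.table:
            return "ALLOW (reply)"
        if dst_port in self.open_ports:
            return "ALLOW (open port)"
        return "BLOCK (unsolicited)"

def demo():
    me, web, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.99"  # constructed
    fw = StatefulFilter()
    fw.outbound(me, 49152, web, 80)           # browser request to a web server
    results = [
        fw.inbound(web, 80, me, 49152),       # server reply to that request
        fw.inbound(stranger, 40000, me, 80),  # unsolicited connect to local port 80
        fw.inbound(web, 80, me, 49153),       # known server, but no matching flow
    ]
    # Dynamic IP case: the previous holder opened port 3389 on *their* firewall.
    # The new holder of the same address has a separate firewall and rule set.
    previous_holder = StatefulFilter(open_ports={3389})
    new_holder = StatefulFilter()
    results.append(previous_holder.inbound(stranger, 40001, me, 3389))
    results.append(new_holder.inbound(stranger, 40001, me, 3389))
    return results

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```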
