08-08-2008 12:29 PM
Glad I found this site. I looked through the questions people posted and I don’t really see an answer for my question. So here it is
From thime to time (most recently 8/7/08 in the morning) I will get the following notice in my history (this is not the exact wording but close)
Attempted Intrusion "Portscan" against your machine was detected and blocked.
Risk Level: Medium.
Attacked IP: MY-PC.
Attacked Port: 52***
Of course I'm happy that this is blocked.
However later ( Last night) some Microsoft had some updates that required the computer to shut down and restart. So it restarted around 1:30am or so on its own.
We have the two account options on our computer- Admin and User. So when I woke up this morning the computer was on, but the screen showed that we had to “log in” under one of the two accounts. After logging in as user (which we always do), I checked on updates and all, and the Norton logs. Well the Norton Activity log showed the following in 'activity" for early early this morning.
Inbound UDP packet allowed.
Local address,service is (My-PC,601**).
Remote address,service is (192.168.0.1,domain(53)).
So I'm concerned that some how the Portscan intrusion now made its way on my comp.
I did a full system Norton scan and nothing showed except tracking cookies.. Also used SpyBot and nothing showed.
Now I know in my activity logs that Port Blocking allowed 192.168.0.1(8) happens all the time, for the last year, so I know thats not a problem. Just that the Portscan blocks appear to be the same as the UDP packet that was allowed. I use Norton Antivirus 2008. I have Vista Home Premium. And of course a DSL connection (anyone still on dial up??)
I appreciate any comments and help.
Solved! Go to Solution.
08-08-2008 04:19 PM - edited 08-08-2008 04:24 PM
Prevent this computer from having access to your's: Open Norton > N.I.S. tab > Settings > N.AV Options (?) > Firewall > Program Control > Trust > Add > Enter computer "192.168.0.1" > "Ok" > Click on Computer > Restrict > "Yes".
I would also Block Ports 8 and 53: After you have done the above, click on Advanced > Configure > Add > Block > Connections to and from other computers > Any computer > Click the second one and select U.D.P. and then click on Add > Filer by: Click the middle one and enter the Ports; click on Local > "Ok" > Add Rule: Enter the Rule Name you want > That's you done!
Not sure what options N.AV has, so if someone knows, then you can correct where I am wrong; it should something roughly like that anyway; just treat this as a Guide.
I would also Update your Virus Definitions and then do a Full System Scan in Safe Mode.
08-08-2008 05:46 PM
08-10-2008 03:38 PM
08-15-2008 06:08 PM
We have some measures in there to prevent "shooting yourself in the foot" if you happen to restrict your own gateway. Therefore, you should still have internet access. However, it would be good to remove the restriction on the gateway.