• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

deciphering blocked connection attempts

In the past couple days, there has been an upsurge in blocked connection attempts--it is almost continuous.  Here for instance, is the information indicated in the inspector window.

Direction: Incoming

Action: Denied

Type: User-defined setting

Protocol: UDP

IMCP info:

Remote Address: 192.168.1.2

Port: 137

Host: 192.168.1.2

Local Address: 192.168.1.3

Port: 49189

Host: 192.168.1.3

Remote address always ranges from 192.168.1.2 through 192.168.1.4.  It seems to be scanning systematically going from port 49189 to 49190 to 49191 and so on.

I would appreciate any assistance deciphering these connection attempts.

Thanks in advance.

Replies

Kudos0

Re: deciphering blocked connection attempts

Hi paranoidmacuser:

Here is a link to some information on ICMP which might help.

http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

Those high number ports are usually used for your machine to "talk" to itself.  Compare the IP adresses to your own machine or network.  It could be something like your ISP trying to determine if you are on line, or another machine in your network trying to touch base, or even a wireless printer.  If you can click on any of the notations, and look at more details, it may give you a MAC address to compare to your machines or router.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: deciphering blocked connection attempts

Try resetting your router (usually done by holding a paper clip or pin on a small switch in the back of the unit) and then re-applying your ISP settings.  Returning the modem / router to factory defaults should stop the extra scanning traffic.

Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: deciphering blocked connection attempts

Thank you delphinium and dbrisendine.

I have been trying to read up on the topic a bit and it does seem to point to it having to do with local area network, which is reassuring.

I tried power cycling and resetting the modem to no avail.

Here's something curious though.  I retraced my steps to see if I had done anything differently before this onslaught of port scans began and sure enough, I had changed the setting on my firewall for the work around advised here, so that I can send/receive email without having to disable firewall completely.

http://community.norton.com/t5/Norton-for-Mac/Norton-Firewall-now-blocking-email-and-calendar-possibly-others/td-p/174160/page/2;jsessionid=1D4D3F784E9E68AFAFFF26B3273AA150

I played with turning the "Enable applications firewall" option on and off and the pattern I am observing, which seems to be pretty consistent, is:

--With "Enable applications firewall" turned on, port scans stop.

--When "Enable applications firewall" is turned off, port scans resume.

Might there be a correlation here?


Kudos0

Re: deciphering blocked connection attempts

Do you have the Windows File Sharing service enabled on your Mac? In Mac OS X you can check this by selecting "Sharing" from the System Preferences application, then choosing "File Sharing". Click on "Options…" and see if "Share files and folders using SMB (Windows)" is selected.

If you do NOT have this option selected, it's possible that your cable modem/router assumes that your computer has this service enabled. Many cable modem/routers are written with Windows users in mind, and assume that Windows File Sharing (SMB) is on for every computer on the network.

Ryan

Ryan McGann Technical Director Norton Business Unit, Symantec

This thread is closed from further comment. Please visit the forum to start a new thread.