Apologies if I've misunderstood some thing basic but I'd appreciate some help interpreting blocked connection attempts (OS X 10.6 and Norton Firewall 4.1.0 for Mac).
My logs show dozens of blocked incoming connection attempts. Many of the 'attacker' IP addresses resolve to the websites I've visited (including Norton's!). However the connection attempts keep coming even when I'm not surfing (I guess another application such as iTunes might be connecting though).
They are all TCP to remote port 80 and to multiple local ports.
I am behind a hardware firewall and running NAT (properly configured I think), and this is happening on 2 macs.
Any insights are welcome - obvioulsy I only want to see a (shorter) list of real attacks to worry about when I check the logs.