
trying to understand unused port blocking in the Norton products

I use NAV2008, which has the inbound "firewall".

I know it works because I frequently get the following type of message:

Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 82.56.81.14,   80.

where I assume 80 is the port number.

So NAV2008 blocked an inbound to port 80? Isn't port 80 needed for accessing the internet?

Replies


Re: trying to understand unused port blocking in the Norton products

This has been explained to you so many times I figured you would be posting it by now. 

Your INBOUND port blocking selectively blocks unsolicited traffic. In this case, this traffic was examined and found that a) it was not one of the allowed unsolicited inbound communication protocols and b) was not a reply to something sent out from your system. After this was examined and found to be in compliance with the rules above, it was blocked.

Win10 x64; Proud graduate of GeeksToGo

Re: trying to understand unused port blocking in the Norton products

Thanks and sorry everyone. I don't do this because I find it fun to annoy everyone, just trying to learn and understand so that I'm able to let go and let Norton do its job.

So it's part of the: if my browser sent out the request to, say, IP 123.45.67 and a return came back on port 80 from 123.45.67, it's cool.

But if, say, IP 987.65.43 tried to inbound connect to port 80, Norton says hey, no request was sent out to 987.65.43, so BLOCKED.

Is that process similar to the SPI (stateful packet inspection) that some routers have?


Re: trying to understand unused port blocking in the Norton products

You are correct, and SPI is much more detailed than what you have in NAV08, but along the same lines.
Win10 x64; Proud graduate of GeeksToGo

Re: trying to understand unused port blocking in the Norton products

Thanks Dbris

Re: trying to understand unused port blocking in the Norton products

So if I have a dynamic IP address from my ISP, let's say 123.45.567.89. Then I turn off my computer and disconnect from the internet.

Then when I reboot after a day and reconnect to the internet, my ISP gives me another IP address, say 125.67.89.123.

1. So this new address was held by someone else before, right?

2. What if the previous owner of that address (125.67.89.123) allowed another IP address (89.765.342.112) to access, say, port 3389?

So would it be likely that the 89.765.342.112 address would try to connect to my machine, since I am now holding the previous address (125.67.89.123) it was allowed to connect with before?


Re: trying to understand unused port blocking in the Norton products

First, keep in mind that the IP address is only one layer of identification. Before that is the subnet. Your service provider is entitled to a subnet that might compose several different number series; the IP address can be rotated among several subnets. So the subnet number would have to match, the ISP address would have to match, the MAC address of the router and the user name. All of which are layers of identification. If identification fails at any of those points, the information packets are dropped. Which means, they are not answered, or blocked.
Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: trying to understand unused port blocking in the Norton products

Add this along with delphinium's multilayered masking and you get some of the general workings of IP addressing. 

No, because the addressing used to direct information through a network as large as the internet uses more addresses than just your local machine's IP. This information request package would include the addressed (where to ask for information; called the destination [or server]) and the addressee (the requester of the information; called the source [or client]). At the information processor [the server], the package is transformed from a request to a reply; the requested information is encoded into the Ethernet package and the package addressing is changed with the source and destination being switched. When this is received at your machine, a Stateful Packet Inspector looks at the package and sees the correct addresses, protocol and message format. Some SPI will actually 'remember' what was allowed outbound so when something wants inbound, the SPI has a small database to match the request to. If all the inspections match properly, then and only then is the Ethernet package allowed into the internal datastream.

Does this help any?

Message Edited by dbrisendine on 06-10-2009 12:55 AM
Win10 x64; Proud graduate of GeeksToGo
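
The reply matching discussed in this thread, as an added example that is not part of the original posts and not Norton's code: a minimal connection-tracking filter that allows inbound packets only when they match a flow the machine opened or a port it deliberately exposes. The class and function names, the local addresses, the server address and the port numbers are constructed for illustration; 82.56.81.14 is the remote address from the alert quoted in the first post.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class StatefulFilter:
    """Toy connection tracker (hypothetical names, not Norton's implementation)."""
    local_ip: str
    # Local ports deliberately opened to unsolicited inbound traffic.
    open_ports: frozenset = frozenset()
    # The "small database": flows this machine itself initiated, kept for reply matching.
    flows: set = field(default_factory=set)

    def outbound(self, p: Packet) -> str:
        self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return "ALLOW"

    def inbound(self, p: Packet) -> str:
        # A reply carries the request's addresses and ports with source and destination swapped.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "ALLOW"
        if p.dst_ip == self.local_ip and p.dst_port in self.open_ports:
            return "ALLOW"
        return "BLOCK"

def demo() -> dict:
    me = "192.0.2.10"  # constructed local address
    fw = StatefulFilter(local_ip=me)
    # Browser connects from an ephemeral local port to a web server's port 80.
    fw.outbound(Packet("tcp", me, 50000, "198.51.100.7", 80))
    # New address after reconnecting: the flow table lives on this machine and starts empty.
    fresh = StatefulFilter(local_ip="203.0.113.5")
    return {
        # Reply comes FROM remote port 80 TO local port 50000: matches the table.
        "web_reply": fw.inbound(Packet("tcp", "198.51.100.7", 80, me, 50000)),
        # Stranger connects TO local port 80: no request went to it, no service open.
        "unsolicited_80": fw.inbound(Packet("tcp", "82.56.81.14", 40000, me, 80)),
        # Peer the address's previous holder accepted on 3389 matches nothing here.
        "stale_peer_3389": fresh.inbound(
            Packet("tcp", "203.0.113.99", 41000, "203.0.113.5", 3389)),
    }

if __name__ == "__main__": print(demo())
```

Web browsing uses port 80 on the remote server, while the local end is an ephemeral port, which is why blocking an inbound connection to local port 80 does not interfere with it.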