• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Unused port blocking

When I check my activity log, it seems like I have an unsued port blocking message every 7-9 minutes.

I can see that the NAV2008 inbound firewall is working, but it gets concerning thta every few minutes there is another attempt

 Usually it  runs like follows and the addresses trying to find an open port change up. Usually the address tries 1-2 hits at one port, then another 1-2 hits at another port. The 192.**.*.* I think is my DSL connection

I use NAV2008 on Vista Home premium OS SP 1  All updates are current

 but here is a sample:

9/8/08  7:13:57am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 218.10.111.106, 8000.

9/8/08  7:13:57am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 218.10.111.106, 9788.

9/8/08  7:12:57am   Port Blocking allowed  192.***.0.1 (8)

9/8/08  7:07:54am    Port Blocking allowed  192.***.0.1 (8)

9/8/08  7:05:06am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 222.180.37.14, 9788.

9/8/08  7:05:06am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 222.180.37.14, 7212.

9/8/08  7:02:54am    Port Blocking allowed  192.***.0.1 (8)

This seems to happene everyday for like the last year

  Is this a normal process? Do must computers get these types of hits?

Message Edited by NY1986 on 09-08-2008 06:44 AMMessage Edited by NY1986 on 09-08-2008 06:55 AM

Replies

Kudos0

Re: Unused port blocking

When I check my activity log, it seems like I have an unsued port blocking message every 7-9 minutes.

I can see that the NAV2008 inbound firewall is working, but it gets concerning thta every few minutes there is another attempt

 Usually it  runs like follows and the addresses trying to find an open port change up. Usually the address tries 1-2 hits at one port, then another 1-2 hits at another port. The 192.**.*.* I think is my DSL connection

I use NAV2008 on Vista Home premium OS SP 1  All updates are current

 but here is a sample:

9/8/08  7:13:57am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 218.10.111.106, 8000.

9/8/08  7:13:57am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 218.10.111.106, 9788.

9/8/08  7:12:57am   Port Blocking allowed  192.***.0.1 (8)

9/8/08  7:07:54am    Port Blocking allowed  192.***.0.1 (8)

9/8/08  7:05:06am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 222.180.37.14, 9788.

9/8/08  7:05:06am   Unused Port Blocking has blocked communications

                              
                                Inbound TCP connection.
                                Remote address,local service is 222.180.37.14, 7212.

9/8/08  7:02:54am    Port Blocking allowed  192.***.0.1 (8)

This seems to happene everyday for like the last year

  Is this a normal process? Do must computers get these types of hits?

Message Edited by NY1986 on 09-08-2008 06:44 AMMessage Edited by NY1986 on 09-08-2008 06:55 AM
Kudos0

Re: Unused port blocking

This is somewhat "normal".

Do not worry as un-used Port-blocking will always block connection attempts to un-used Ports.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Unused port blocking

quick lesson on IP addresses...

the sub-nodes that are included within 192.168.X.X or 10.10.X.X are always local networks that are served by your (or some elses) router (and considered internet blackholes -- but thats a differnt explaination) .  As such these IP addresses do not identify you (or anyone else)(each computer served by your router will have a different 192.168.x.x number)  if 192.168.x.x  (or 10.10.x.x) IP's are posted in full the mods here will not care that the complete IP address exists, most everyone's routers are using these addresses. For example my computer IP address on my own network is 192.168.1.5 ......  I have telephone and video equipment that always pick up 192.168.1.2 throught 192.168.1.4 ..... my router itself is referred to from an internal point of view as 192.168.1.1 .... from the outside it is referred to as it's internet IP address.... 

This allows one internet IP address to serve all of the computers that your router serves...... one of the simplist ways to find out what your internet IP address is to just visit http://whatismyipaddress.com ...  the address shown on that webpage would identify you, or more specifically it would identify your router at this time....  (with some internet service providers you keep the same internet IP all the time, with other service providers your internet IP may change several times a day, but it can still ultimately identify you..)...    This type of IP address should always be broken  or removed and posted as 72.164.X.X  or even x.x.x.x

When removing other types of IP addresses the best thing to remove is the lower order nodes... in other words show them as 72.164.x.x.  (that narrows it down to just 65536 possibilites, but does show generally were on the internet the IP address is located, which could be helpful in a malware discussion.

The exception to the above might be in a higher level networking discussion where you would want to identify specific machines, but leave off where specifically these machines exist in the internet... in that case you would want to leave off the higher order nodes... as in XX.XX.105.243 

Kudos0

Re: Unused port blocking


4runner wrote:

the sub-nodes that are included within 192.168.X.X or 10.10.X.X are always local networks that are served by your (or some elses) router (and considered internet blackholes -- but thats a differnt explaination) .  As such these IP addresses do not identify you (or anyone else)(each computer served by your router will have a different 192.168.x.x number)  if 192.168.x.x  (or 10.10.x.x) IP's are posted in full the mods here will not care that the complete IP address exists, most everyone's routers are using these addresses. For example my computer IP address on my own network is 192.168.1.5 ......  I have telephone and video equipment that always pick up 192.168.1.2 throught 192.168.1.4 ..... my router itself is referred to from an internal point of view as 192.168.1.1 .... from the outside it is referred to as it's internet IP address.... 


This is correct.

This thread is closed from further comment. Please visit the forum to start a new thread.