• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

Unused Port Blocking

I have Norton Internet Security 2010 installed on 2 laptops in my home.  They are both running Windows Vista 32-bit.  In the Norton History on one of them, it is constantly coming up with, "Unused port blocking has blocked communications.  Inbound TCP connection from 192.168.1.103, local service Port www-http(80)."  The port randomly changes to many different ports, not just 80 (for example, 81, 515, 2191, 443, and 9100.  The IP address it is pointing out is the other laptop.  I have performed a full system scan on both computers, and neither has come up with anything.  What could be causing this?  What should I do?  Are either of my computers at risk of something?

Replies

Kudos0

Re: Unused Port Blocking

I have Norton Internet Security 2010 installed on 2 laptops in my home.  They are both running Windows Vista 32-bit.  In the Norton History on one of them, it is constantly coming up with, "Unused port blocking has blocked communications.  Inbound TCP connection from 192.168.1.103, local service Port www-http(80)."  The port randomly changes to many different ports, not just 80 (for example, 81, 515, 2191, 443, and 9100.  The IP address it is pointing out is the other laptop.  I have performed a full system scan on both computers, and neither has come up with anything.  What could be causing this?  What should I do?  Are either of my computers at risk of something?
Kudos1 Stats

Re: Unused Port Blocking

Hi Squirrel_wny,

Welcome to Norton Community!

This is the security log information for the Intrusion Prevenstion/Firewall feature. This indicates that when a port was unused, some Inbound(incoming) intrusion has happened and so the Norton program blocked that communication to protect your computer. Similar intrusions are always blocked by Norton program and you are safe to go. This was discussed in various other threads like the following one:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=55191

Yogesh

Kudos0

Re: Unused Port Blocking

squirrel_wny:

If you have sharing set up on the computers, or if your internet connection is set up as a slave through the main computer, you will see traffic back and forth.  This will depend on your Windows settings when you set up your home group.  You have not allowed this kind of contact between them in Norton, so it is blocked.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: Unused Port Blocking

Thank you for the welcome, I'm happy to have a great community willing to help!  I'm happy that NIS is doing its job on computer A, the only thing I'm worried about is why computer B is attempting to access computer A, and what it could mean for anything else on my network.  My internet comes from a wireless router, hooked directly to my satellite modem (HughesNet satellite ISP), so the connection isn't shared from one computer to another.  Do you think that whatever is causing computer B to connect to computer A may also cause it to attempt any other items on the network (gaming consoles, perhaps another computer if a family member brings one over, etc.), and if so, does anyone have any good ideas about where to keep looking on computer B for the problem?  What has me worried is that it's only the one way.  In other words, computer B isn't logging any blocks like it, so I'm not sure that it's a Windows/networking issue.  That's why I am interested in digging a little deeper into it.
Kudos4 Stats

Re: Unused Port Blocking

squirrel_why, it does look like there is program on computer B that is performing reconnaissance on computer A. It appears to be looking for some standard ports (80 for http, 443 for https). You may run netstat with the -b option to see what executables on computer B have network connections (I vaguely recall that this might be slightly different on Vista though.) You could also create a NIS system rule on computer B to simply monitor and log all connection attempts to computer A and that should show you determine which process is performing the activity.
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos1 Stats

Re: Unused Port Blocking

Thank you for your help, that did the trick.  I ran netstat, found which program was attempting the connections and got rid of it.  The NIS history log hasn't shown a single attempt since.
Kudos0

Re: Unused Port Blocking

I'm glad that I could help!
Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.