Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Stu wrote:
I don't know these adresses but it could be lot's of things from a zombie to a application which you have installed. If you have a firewall installed than you are safe. Especially when you have NAV as well. If it would reach any port that might be open NAV will block it as well
If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it.
The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.
so does this all appear to be a common type of occurance?
NY1986 wrote:
so does this all appear to be a common type of occurance?
Yep.
If you are concerned, you could always Create a Rule to Block the Port(s) it is trying to use or place the computer in Restricted. If you are not sure how to Create a Rule or place the Computers under "Restricted", please let us know before doing anything and we will let you know how to do it.
If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won’t “break” due to repeated attempts will it?
NY1986 wrote:
If its common for this to happen and my Norton will protect nme as is, then I need to trust in my Norton. Like I said, it sometimes is heavy and sometimes light activity. But if its showing as blocked then all is cool. Now lets say that the same address keeps punding away at a specific port, it won't "break" due to repeated attempts will it?
It shouldn't.
Red:
Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it.
The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.
Red what did you mean by with which you are not using?
Stu- Could it just be random dialing Or maybe systematic dialing where it several IPs being checked today (such as mine) and they are just zipping away at them to see if one is open? Kind of like the old phone soliciting dialing machines?
NY1986 wrote:Red:
Red Wroter: If the computer attempts to connect to your computer with which you are not using, then the Firewall will Block it; if it tries to Attack your computer, Intrusion Prevention should Block it.
The only way this computer could connect to your computer would be to try to get through with a Port you are using, and, even then, Auto-Protect and/or a Full System Scan should pick this up.
Red what did you mean by with which you are not using?
"...with which Port(s) you are not using.".
so either way, its showing the Norton is doing its job and I'm safe.
So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?
NY1986 wrote:So it could be that these other computers are attacking all the computers with IP addresses in my IP range (for my city and ISP) and if perhaps I were able to check with others in my area with teh same ISP, they might be showing the same thing?
Maybe; it is possible.
I must be the only idiot who worries about the logs and all. I think about people I know, they can’y even tell you what AV they use. they zip around and download this and that and never worry
NY1986 wrote:
I must be the only idiot who worries about the logs and all. I think about people I know, they can'y even tell you what AV they use. they zip around and download this and that and never worry
You're not an idiot.
I am sure stu, Phil_D and myself check logs to make sure everything is okay; it is good Security to check logs. :)
Ok the basics I use windows Vista heome premium with the Vista service pack 1 I run NAV2008 ( I will be upgrading soon to NIS2009) on a DSL connection on 24/7
In the activity logs I notice MANY entries as follows
Unused port blocking has blocked communications.
Inbound TCP connection.
Remote address,local service is 125.211.***.5*, *78*. (I * out some of the numbers)
Now this "address" seems to be attempting to connect to my PC over and over again, trying different ports and often the same port multiple times. Also seem to get the same activity from this other address 218.10.*1*.**6 and 88.152.***.***
I checked them out on webyield, but can get no handle on what they are. I think they come out of China though
Just concerning because there are several of these addresses that seem to try to connect to me every day, many times a day.
Some days very heavy others not.
Looks like my NAV 2008 inbound firewall is blocking it which is GREAT. My questions:
1.My concern is what if it reaches a port that is used such as port 80? Would it be able to connect then? Or would other Norton NAV2008 features block it?
2. Are others getting activity from the same addresses?
Hi NY1986
You are not alone!!!,You ask the questons that I'm to scared to ask for the same reason("novice" computer user!!)
Cheers Mo
yes, but it really makes me not enjoy using the computer. And Lord knows that I would prefer not to do any financial stuff like paying bills, banking, etc. My wife says that we can get rid of the computer and go back to the stone age if it freaks me out so much. I darn near said yes. For some reason, I just can't stop checking the logs. I really just need to trust in my Norton and ONLY if there is something wrong, check the logs.
I mean think about it, if I don't check tyhe logs, I have no paranoid questions. I don't think that the Norton products are set up so non-techies like me have to llok at it. I think the whole purpose of these great Norton products is so the average Joe like me can set it and forget it. Sorry for the whinning
Relax. Slow your breathing. Easy now.
As long as you keep your Norton Product up-to-date, then there is no reason for you to worry. Just make sure you do Full System Scan at least three-times-a-week (Norton 2007) twice-a-week (Norton 2008) and at least once-a-week (Norton 2009, N.I.S.).
:) I'm sure it would shock anyone to know I run nightly full system scan
NY1986 wrote::) I'm sure it would shock anyone to know I run nightly full system scan
I knew that.
There is nothing wrong with that; you decide when to run Scans; what I gave was just a Guideline.
Hi NY1986,
Just a thought.. Have you ever run a P2P client like BitComent, EMule etc on that machine ? In the past I've noticed that even long after I stopped running the client, I would receive these inbound connection requests from what appeared to be random addresses. And then it would stop. I found out that those computers still thought I was serving up some file that they wanted and hence would attempt to contact my PC.
Shane.