Have I been hacked??

I know there have been some posts before on this issue, but I cannot find them or the answers, so I'll post here

Windows Vista with Vista Service Pack 2

Norton Antivirus 2008 ( yes I'm one of those who don't like change)

 

So I found this the other day

 

Security History

   Internet Worm Protection

     Alert Summary

 

 

Program name:  Microsoft Generic Host Process for Win32 Services

Program path: C:\Windows\System32\svchost.exe

risk level: low

Default Action: Allow

Action Taken: Allow

Local Computer:  My PC    500 (port?)

remote Computer: 67.226.54.11   500 (port?)

Traffic Description: inbound UDP 500

 

"Microsoft generic Host Process for Win32 services was allowed to communicate with 67.226.54.11"

 

Then there was also this entry under Internet Worm Protection: Alerts

"User Has created a rule to permit communication"

 

**Now when I check my connection log, I see no connection around that same time and nothing that would indicate any bytes were exchanged

 

** When I look up this IP 67.226.54.11, It shows it belongs to Houston Community College in Houston Texas USA

So I know this is not one of my programs getting an update

 

** I have run several scans and all show clean

 

** Inbound Firewall still shows blocking of other attempts from other IPs trying to enter my computer

 

This has raised many questions/worries  for me:

1. First, what the heck is this??

2. Is this someone hacking into my computer?

3. is this someone trying to "ping" me?

4. Is it just some goofball seeing if they can connect and then moved on?

5. When it says "User Has created a rule to permit communication" I never created a rule, so is it the firewall program itself that it  refers to as "user"?

6. The fact that no data appears to be exchanged mean nothing was "dropped" on my system"?

7. It seems that the program rules for in my norton set up for Microsoft Generic Host Process for Win32 Services is set at default to allow from all computers and all IPs. Is that really the default?

8. is this a situation where ( what I read on here) the multiple layers of protection contained in Norton products come into play?

   Where the priogram needs to keep port 500 open, and thus from time to time connections are made that are not legit, but if that connection tries to go further Norton will stop it?