Since switching to a higher speed ISP and installing a wireless router, NIS firewall activity logs no longer announce portscans, intrusions, or malicious attacks from outside, thanks no doubt to the router. But now my logs are filled with hundreds of entries of two types: Rule "default Block UPnP Discovery" stealthed Inbound UDP packet, and Rule "Default Block SSDP" Blocked inbound TCP connection. For the UPnP messages the local address is 239.255.255.250, Port ssdp (1900), and the Remote address is that of the router, 192.168.1.1. For the Block SSDP messages, the addresses involve the Router address, Ports 2869 and 1025.
I gather this is routine and probably expected, but why the constant barrage at the rate of one instance every 3 minutes? Is NIS disabling anything I might need?
All these entries are due to the General Traffic Rules set in Smart Firewall by default. Norton products have application intelligence baked in, allowing them to make security decisions so that you don't have to. The Smart Firewall intelligently makes security decisions for you, allowing you to use your computer without needing to be a security expert. The Smart Firewall will automatically configure and use the rules whenever required. And all these entries indicate that the Norton program is blocking some unwanted intrusion attempts which came to your computer through different ports or ways. So, there is nothing for you to worry about in these entries.
Thanks again, Yogesh. I had read some of those posts to which you referred, and was still uncertain. I'll avoid making any changes to the setup, and assume NIS is doing its job. I have one final question that I'll ask in a different message after a bit more research.
You are correct that the router is now blocking unsolicited traffic from the internet and so the Norton Firewall no longer gets bombarded with portscans. The UPnP activity is most likely a multicast "I'm here... is anybody listening?" shoutout coming from your router. Some routers have UPnP enabled by default in order to allow programs running on your computer to open ports that they need without bothering you, the user. There is a downside to this, however, since a malicious program that installs itself on your PC will immediately take advantage of this to open lines of communication in order to further its evil plans. Moreover, when ports are opened via UPnP, there is no notice given to the user that a change in configuration has occurred, so you will be completely in the dark as to what has happened. Granted, this situation arises after you have already been infected, so you've still got troubles. But turning off UPnP in the router's options will at least keep anything malicious from being able to commandeer your router and open ports without your knowledge, should this misfortune ever befall your machine.
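An added example, not part of any post in this thread: a small Python parser for the kind of SSDP announcement a router multicasts to 239.255.255.250:1900, with two sanity checks a defender can apply (the sender is on a private network, and the advertised LOCATION points back at the sender). The sample datagrams, port 5000, the description path, the max-age value and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: an SSDP "alive" announcement as a router might multicast
# it to 239.255.255.250:1900. Port 5000, the path and max-age are made up.
SAMPLE_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n"
    b"NT: upnp:rootdevice\r\n"
    b"NTS: ssdp:alive\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)
# Constructed variant whose LOCATION points away from the sender.
SAMPLE_MISMATCH = SAMPLE_NOTIFY.replace(b"192.168.1.1:5000", b"203.0.113.5:5000")


def parse_ssdp(datagram: bytes):
    """Split an SSDP datagram into its start line and upper-cased headers."""
    lines = datagram.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip blank lines and anything that is not "Name: value"
            headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers


def describe(src_ip: str, datagram: bytes):
    """Summarise one SSDP datagram received from src_ip."""
    start, h = parse_ssdp(datagram)
    if start.startswith("NOTIFY"):
        kind = h.get("NTS", "notify")      # ssdp:alive / ssdp:byebye
    elif start.startswith("M-SEARCH"):
        kind = "search"
    else:
        kind = "other"
    m = re.search(r"max-age\s*=\s*(\d+)", h.get("CACHE-CONTROL", ""), re.I)
    loc_host = urlsplit(h.get("LOCATION", "")).hostname
    return {
        "kind": kind,
        "max_age": int(m.group(1)) if m else None,  # seconds the advert stays valid
        "sender_is_private": ipaddress.ip_address(src_ip).is_private,
        "location_host": loc_host,
        "location_matches_sender": loc_host == src_ip,
    }
```

An announcement that fails either check (a public sender address, or a LOCATION on a different host) deserves a closer look than the routine router chatter described above.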
Thanks for your help. Does my current setup mean that certain games or cameras might not function if I were to add such a device, or will that problem become obvious (with an obvious solution) if that situation were to arise?