The previous v22.5.0.120 Liveupdate push and its failed/corrupted installation which lead to my Outlook issues, and my subsequent futile attempts to correct the issues, ultimately required me to resort to using Norton Support Chat. The tech used remote access to come into one of my affected systems to try and resolve the problem - unsuccessfully.
Since then I have been seeing some rather interesting DOS events logged by my router, typically in the wee hours when all computer systems are off.
For example, last evening's router log had the following consecutive entry block:
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:14:28
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:14:12
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:13:13
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:12:57
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:11:58
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:11:42
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:10:43
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:10:27
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:09:28
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:09:12
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:08:13
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:06:42
[DoS Attack: ACK Scan] from source: 143.127.93.117, port 80, Friday, June 26, 2015 00:05:52
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:04:12
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:48:07
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:43:07
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:41:52
I checked all these IPs using Network Solutions - "whois".
They all came back the same as to owner...
WHOIS Results
You Searched for: 143.127.93.95
143.127.93.95
Record Type: IP Address
NetRange: 143.127.0.0 - 143.127.255.255 CIDR: 143.127.0.0/16 NetName: SYMC-143-127 NetHandle: NET-143-127-0-0-1 Parent: NET143 (NET-143-0-0-0-0) NetType: Direct Assignment OriginAS: Organization: Symantec Corporation (SYMN-Z) RegDate: 1990-09-19 Updated: 2015-05-15 Ref: http://whois.arin.net/rest/net/NET-143-127-0-0-1 OrgName: Symantec Corporation OrgId: SYMN-Z Address: 350 Ellis St. City: Mountain View StateProv: CA PostalCode: 95117 Country: US RegDate: 2008-08-01 Updated: 2015-05-15 Ref: http://whois.arin.net/rest/org/SYMN-Z OrgNOCHandle: SIA9-ARIN OrgNOCName: Symantec IP Administrator OrgNOCPhone: +1-650-527-8000 OrgNOCEmail: dl-it-ip-admin@symantec.com OrgNOCRef: http://whois.arin.net/rest/poc/SIA9-ARIN OrgTechHandle: SIA9-ARIN OrgTechName: Symantec IP Administrator OrgTechPhone: +1-650-527-8000 OrgTechEmail: dl-it-ip-admin@symantec.com OrgTechRef: http://whois.arin.net/rest/poc/SIA9-ARIN OrgAbuseHandle: SIA9-ARIN OrgAbuseName: Symantec IP Administrator OrgAbusePhone: +1-650-527-8000 OrgAbuseEmail: dl-it-ip-admin@symantec.com OrgAbuseRef: http://whois.arin.net/rest/poc/SIA9-ARIN RAbuseHandle: SIA9-ARIN RAbuseName: Symantec IP Administrator RAbusePhone: +1-650-527-8000 RAbuseEmail: dl-it-ip-admin@symantec.com RAbuseRef: http://whois.arin.net/rest/poc/SIA9-ARIN RTechHandle: SIA9-ARIN RTechName: Symantec IP Administrator RTechPhone: +1-650-527-8000 RTechEmail: dl-it-ip-admin@symantec.com RTechRef: http://whois.arin.net/rest/poc/SIA9-ARIN RNOCHandle: SIA9-ARIN RNOCName: Symantec IP Administrator RNOCPhone: +1-650-527-8000 RNOCEmail: dl-it-ip-admin@symantec.com RNOCRef: http://whois.arin.net/rest/poc/SIA9-ARIN
Any thoughts?