Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
This is a False Positive, according to a symantec Employee.
Floating_Red wrote:
This is a False Positive, according to a symantec Employee.
Can you provide the link to that please.
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=5889
I have checked the Intrusion Detection Signatures on the Web Site, and no Port Scan is there, as far as I am aware.
[edit: corrected link]
Thanks for the link – I would not myself link that thread to this query here and assume that the report is a “false positive” since as I said it could well be a reflection of reality: we are all under attack.
It is probably a intrusion attempt unless you are losing functionality with a program or visiting the web.
The link from Floating_Red is to a thread with one of my posts (it didn't display correctly for me but I figured out how to view it.) Floating_Red was probably correct about it being a false positive.
Symantec is currently working on resolving the false positives that occur with the port scan signature. The false positive cases that I see most often are from people's DNS servers. These trigger the port scan detection when users open web pages that embed content from many different sites. For each site, a DNS request is made from a unique local port. Each of the responses to those requests comes back to the same unique port. By sending packets to many different ports, it appears as if the DNS server is performing a port scan when in reality it's simply responding to the requests that were made to it.
In general this false positive detection is harmless and just adds a warning to the logs.
If the detection is from an address other than a DNS server or is not from port 53, though, it is probably a true positive detection.
Looks like Myles uses Norton AntiVirus 2008 not Norton Internet Security
But it seems anyway you look at it, he (and all of us who use Norton- AntiVirus or internet security) is safe sine it blocked, false positive or real thing. Thansk Norton, it is blocked :)
Thanks for the clarification on this.
Hi all. Somewhat new here so if this issue has been dealt with already, sorry.
I use Norton Antivirus 2008. I will probably upgrade, but not right now. In my history I show
attempt by my ISP address (you know the 192.XXX.X.X that we all seem to have) as an attacking computer towards my own PC
UDP traffic, port 53. It was blocked so all that is cool. It was noted as "portscan"
Attempted Intrusion "Portscan" against your machine was detected and blocked.
Intruder: 192.XXX.0.X(domain(53)).
Risk Level: Medium.
Protocol: UDP.
Attacked IP: My PC.
Attacked Port: xx3x6.
I have done some reading. Is this what they call a false positive? That there was maybe an overload of information and Norton took it as a possible intrusion? My wife was web surfing at the time.