Recently got Norton and have it all up and running and says everything is secure but I just have a couple questions.
In the security history, I see a lot of Unauthorized access blocked in there and want to know what they're all about, because they give off a Medium warning and I don't know if it's something to worry about or if it's normal.
I also checked my router's security log and in the Firewall log, it had entries of **TCP FIN Scan** that has me worried. Does Norton deal with this problem and can someone explain what it is?
Thank you for anyone that helps me out.
Hi zeroresistance,
A TCP FIN Scan is a type of portscan. You can't do anything to prevent the scans, which are part of the internet background noise (if you're on the internet, you're going to be scanned at random), but no unsolicited traffic can get through the router, and even without a router, the Norton Firewall would block it. Portscans are the reason we should never put an unprotected machine directly on the internet - either put it behind a router or use a firewall, or both.
http://www.auditmypc.com/port-scanning.asp
Thanks for the response but I really just want to clear it up once and for all to give me ease of mind because when I first saw it, I was and am still extremely worried about it because some say it's a person and it worries me a little if someone is trying to access my computer but if it's part of Norton then that isn't a problem.
But anyway, some have been Inbound and Outbound and they normally go to IP addresses that belong to 3 or 4 companies, iWeb Technologies Inc, LeaseWeb B.V., Leaseweb USA, Inc. and Host Europe GmbH.
I assume these are all hosting sites so they host websites I've visited and Norton has communicated with them and that is the reason the TCP FIN Scan has shown up in my router's security log for the Firewall and that it is all Norton and nothing to stress over about?
I know nothing about the companies and everything I've read on them leads me to believe they're some hosting company but maybe you kind people know more about these companies or this situation than me because all this stuff is new to me, which is why I'm really worried about it.
And what does the scan and why?
Hi zeroresistance,
No need to worry, your Norton product's firewall takes care of your inbound and outbound http communications.
What Norton product do you have?
B/R
The scans are showing up because there are people in the world who run automated programs designed to scour the internet looking for unprotected computers - welcome to the World Wide Web. It is not anything directed specifically at you. Again, you can't stop someone from scanning your IP Address any more than you can prevent someone from dialing your telephone number. Your IP Address, like your phone number, is publicly available. Your only options are to use a router and firewall, which essentially provide the internet equivalent of not answering your phone when it rings. As long as you have some means of blocking access (you do) these random scans are not an issue.
Does anything show up on Norton if a TCP FIN Scan is being shown in my router firewall log?
zeroresistance wrote:
Norton 360
There is a specific Forum for Norton 360, so I'll ask for this thread to be moved over there for better exposure.
You won't lose sight of it because a link will be left here.
zeroresistance wrote:
Does anything show up on Norton if a TCP FIN Scan is being shown in my router firewall log?
If your PC is behind a router, the scan would be stopped by the router, preventing the traffic from ever reaching your computer - so the traffic is actually blocked before Norton would have a chance to see it.
Therefore, nothing comes up on Norton and everything has been dealt with by the router?
Is there any way to stop these appearing in the firewall log at all? I don't really want to see something in there that is nothing to worry about, because at the moment, anything I see in my firewall log, I worry about.
And I did a scan with something called ShieldsUp that is on another website and it tested everything and it said all the ports were in Stealth mode and nothing was received or sent and I checked my firewall log and it came back with the TCP Null Scan.
Again, this is all new to me and I have no idea what I'm doing and just taking advice from the people that know what they're doing, if anything I did could be explained, it would be extremely useful because I don't know why I got a Null Scan on the one I did and a FIN Scan on something else.
Thanks again for all the responses.
Different routers, different configurations. On some you can disable logging, on others you can't.
But the fact that you see it means that you don't have to worry about it. It is blocked! The router firewall is doing its job.
You are almost never personally targeted by these kinds of scans. They are from bots and infected computers randomly scanning entire IP ranges for vulnerable computers, and you just happen to be in such a range when a scan entry like that appears in the log. Different kinds of scans are identified by different kinds of names by the firewall. You can't prevent these attacks from happening. They are blocked, and an entry is written in the log. Normal and nothing to worry about. I've had such attacks that wrote 100+ entries in the log every minute for days on end.
When you do a scan at the Shields Up! website, it does such a scan on your computer (or router if you have one), upon your request, and if you have a firewall with logging capabilities in your router, you should see the kind of messages you mention. All is good, since it reported both that all your ports were stealthed and your firewall registered the scan correctly.
So the TCP FIN Scan is an everyday occurrence for everybody, and therefore is nothing to worry about?
But what is the difference between the TCP Null Scan the ShieldsUp thing did compared to the TCP FIN Scan that has appeared on the firewall log?
zeroresistance wrote:
But what is the difference between the TCP Null Scan the ShieldsUp thing did compared to the TCP FIN Scan that has appeared on the firewall log?
The differences are just technical and are explained in the link I posted earlier. ShieldsUp! tests by portscanning your IP Address, so as Bombastus pointed out, you should see evidence of a scan in your logs after running the test.
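Added example, not part of the original thread: the difference between the "TCP FIN Scan" and "TCP Null Scan" log entries comes down to which flag bits are set in the TCP header of the blocked packet, and this Python sketch labels constructed sample headers the way a router firewall log might. The "TCP Xmas Scan" label and the helper names are assumptions that go slightly beyond the two entry types mentioned above.

```python
import struct
from collections import Counter

# TCP flag bits (RFC 793): low six bits of the 16-bit offset/flags field
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (offset_and_flags,) = struct.unpack_from("!H", header, 12)
    return offset_and_flags & 0x3F


def classify_probe(header: bytes) -> str:
    """Label an unsolicited segment by its flags (label text is an assumption)."""
    flags = tcp_flags(header)
    if flags == 0:
        return "TCP Null Scan"      # no flags at all: never valid traffic
    if flags == FIN:
        return "TCP FIN Scan"       # FIN alone, no connection to close
    if flags == FIN | PSH | URG:
        return "TCP Xmas Scan"      # assumed label for this combination
    if flags == FIN | ACK:
        return "FIN+ACK (normal connection close)"
    if flags == SYN:
        return "new connection attempt"
    return "other"


def make_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed sample: a 20-byte TCP header with data offset 5."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


def summarize(headers) -> Counter:
    """Count log labels over a batch of blocked segments."""
    return Counter(classify_probe(h) for h in headers)


if __name__ == "__main__":
    blocked = [make_header(FIN), make_header(0), make_header(FIN, dport=23)]
    for label, count in summarize(blocked).items():
        print(f"{label}: {count} blocked")
```
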