Understanding the network connections log

I'm running Norton Internet Security on an XP PC and Vista laptop.  The PC is ethernet connected to a Linksys router, the laptop connects to the internet wirelessly.  As far as I know, everything has the latest patches and updates (it's all set to automatic by default).

 

I started looking at the contents of the network connections log on the PC and discovered a bunch of items that I don't really understand - but certainly don't look correct to me.  I pulled the log into a spreadsheet to pull out the strange looking traffic and over the last 12 hours (midnight to midday 23112008) this is what I found.

 

Has my PC been compromised?  If so, why isn't Norton preventing this traffic?

 

Appreciate any thoughts.

 

SMC

 

Remote Service Port           Instance
auth(113)                     6
Backdoor-g-1(1243)            2
Back-Orifice-2000-1(54321)    20
coauthor(1529)                3
daytime(13)                   7
doom(666)                     5
ftp(21)                       2
http-alt-1(8008)              1
http-proxy(8080)              7
icq(4000)                     1
ingreslock(1524)              1
kerberos(88)                  2
kpop(1109)                    1
l2tp(1701)                    2
lotusnotes(1352)              1
msnp(1863)                    5
ms-sna-base(1478)             1
ms-sna-server(1477)           2
netbios-ssn(139)              7
NetBus(12345)                 14
NetBus-2(12346)               3
nfsd(2049)                    2
nsvt(1537)                    2
ntp(123)                      2
pop3(110)                     22
pptp(1723)                    1
radacct(1813)                 1
radius(1812)                  2
remote-winsock(1745)          1
socks(1080)                   1
tdisrv(1527)                  1
vdolive(7000)                 3
wins(1512)                    2
xserver(6000)                 1

It's the Norton Internet Security log viewer for Network Connections. 

 

I've got loads of entries under the remote service port that look strange - here's a bit more detail on one smaller section.

 

I've also got hundreds (every 10-15 seconds) of "unused port blocking has blocked communications " in the firewall activities log.

 

Help!

 

Date Time Local IP Address Local Service Port Remote IP Address Remote Service Port Bytes Sent Bytes Received Connection Time
23/11/2008  07:00:13 192.168.1.67 4778 213.35.250.205 auth(113) 22161 1761456 59:26.3
23/11/2008  07:58:30 192.168.1.67 1040 213.35.250.205 auth(113) 950 836 00:02.5
23/11/2008  07:39:59 192.168.1.67 4261 90.190.27.245 auth(113) 68 0 00:44.2
23/11/2008  07:32:16 192.168.1.67 4058 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:02.2
23/11/2008  07:52:34 192.168.1.67 4786 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:08.0
23/11/2008  07:35:37 192.168.1.67 4151 82.131.107.63 Back-Orifice-2000-1(54321) 289 607 00:03.5
23/11/2008  07:19:30 192.168.1.67 3524 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:02.8
23/11/2008  07:38:35 192.168.1.67 4236 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:02.6
23/11/2008  07:02:10 192.168.1.67 2887 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:03.1
23/11/2008  07:09:50 192.168.1.67 3165 203.206.123.62 doom(666) 68 0 00:02.9
23/11/2008  07:23:57 192.168.1.67 3679 203.206.123.62 doom(666) 68 0 00:03.0
23/11/2008  07:40:05 192.168.1.67 4286 70.51.5.195 http-proxy(8080) 239 556 00:04.1
23/11/2008  07:27:02 192.168.1.67 3788 70.51.5.195 http-proxy(8080) 239 556 00:03.8
23/11/2008  07:11:29 192.168.1.67 52323 87.245.24.51 ingreslock(1524) 0 68 00:14.2
23/11/2008  07:45:24 192.168.1.67 52323 124.195.204.205 msnp(1863) 0 68 00:14.3
23/11/2008  07:00:53 192.168.1.67 52323 83.253.103.237 ms-sna-base(1478) 0 2904 00:00.8
23/11/2008  07:19:12 192.168.1.67 3511 81.141.106.238 NetBus(12345) 68 0 00:02.5
23/11/2008  07:45:12 192.168.1.67 4041 81.141.106.238 NetBus(12345) 1257 115299 13:22.4
23/11/2008  07:04:21 192.168.1.67 2958 81.141.106.238 NetBus(12345) 68 0 00:03.3
23/11/2008  07:47:48 192.168.1.67 52323 201.8.134.172 nsvt(1537) 0 1537 00:01.3
23/11/2008  07:28:15 192.168.1.67 3833 87.219.241.46 ntp(123) 289 605 00:03.1
23/11/2008  07:01:41 192.168.1.67 52323 115.132.15.59 radius(1812) 211 211 00:30.0
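One way to triage a log like the excerpt above is to group rows by remote endpoint and total the bytes, so the 68-byte, zero-reply attempts separate from the sessions that actually moved data. This is an added example, not part of the original posts and not Norton code; the column layout is assumed from the rows shown, and the function names `parse`, `summarize` and `shared_local_ports` are hypothetical.

```python
import re
from collections import defaultdict

# Rows copied from the log excerpt in the post above.
SAMPLE = """\
23/11/2008  07:00:13 192.168.1.67 4778 213.35.250.205 auth(113) 22161 1761456 59:26.3
23/11/2008  07:32:16 192.168.1.67 4058 82.131.107.63 Back-Orifice-2000-1(54321) 68 0 00:02.2
23/11/2008  07:35:37 192.168.1.67 4151 82.131.107.63 Back-Orifice-2000-1(54321) 289 607 00:03.5
23/11/2008  07:45:12 192.168.1.67 4041 81.141.106.238 NetBus(12345) 1257 115299 13:22.4
23/11/2008  07:04:21 192.168.1.67 2958 81.141.106.238 NetBus(12345) 68 0 00:03.3
23/11/2008  07:11:29 192.168.1.67 52323 87.245.24.51 ingreslock(1524) 0 68 00:14.2
23/11/2008  07:01:41 192.168.1.67 52323 115.132.15.59 radius(1812) 211 211 00:30.0
"""

# Assumed layout: date, time, local IP, local port, remote IP, label(port), sent, received, mm:ss.s
ROW = re.compile(
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(.+?)\((\d+)\)\s+"
    r"(\d+)\s+(\d+)\s+(\d+):([\d.]+)$")

def parse(text):
    """Return one dict per well-formed row; skip headers and damaged lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            _, _, _, lport, rip, label, rport, sent, recv, mins, secs = m.groups()
            rows.append({"lport": int(lport), "rip": rip, "label": label,
                         "rport": int(rport), "sent": int(sent), "recv": int(recv),
                         "seconds": int(mins) * 60 + float(secs)})
    return rows

def summarize(rows):
    """Per remote (IP, port): connection count, byte totals, longest session."""
    out = defaultdict(lambda: {"conns": 0, "sent": 0, "recv": 0, "longest": 0.0})
    for r in rows:
        s = out[(r["rip"], r["rport"])]
        s["conns"] += 1
        s["sent"] += r["sent"]
        s["recv"] += r["recv"]
        s["longest"] = max(s["longest"], r["seconds"])
    return dict(out)

def shared_local_ports(rows):
    """Local ports that recur across more than one remote IP."""
    peers = defaultdict(set)
    for r in rows:
        peers[r["lport"]].add(r["rip"])
    return {p: sorted(ips) for p, ips in peers.items() if len(ips) > 1}
```

Feeding the full exported log through `parse` instead of `SAMPLE` gives the same summary for every remote endpoint, and `shared_local_ports` picks out local port 52323, which appears against several different remote addresses in the excerpt.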

 

I've also got hundreds (every 10-15 seconds) of "unused port blocking has blocked communications " in the firewall activities log.

 

I have a Netgear wireless router and adapters at home, and I get the same "errors". I think it's normal, and Norton just saves every traffic on the network, even if it's only the router and PC's communication. So you can relax, nothing happens with your PC. ;) :D