My Activity log shows many unused port blocking entries from the same IP address (221.195.73.86) and to several ports, but 1 or 2 ports more frequently. I know that the fact it says "unused port blocking has blocked...." means that the attempt is stopped. But they happen so frequently. My question
1. can the repeated attempts cause the port to "break open"?
2. What if they attempt to use a port that is open, such as port 80?
3. I have noticed some attempts in the past that tried to connect inbound to port 80 that were blocked
But port 80 is the internet port. Is it because port 80 is used as an outbound when one surfs the net? But an inbound attempt without solicitation is a no no?
My Activity log shows many unused port blocking entries from the same IP address (221.195.73.86) and to several ports, but 1 or 2 ports more frequently. I know that the fact it says "unused port blocking has blocked...." means that the attempt is stopped. But they happen so frequently. My question
1. can the repeated attempts cause the port to "break open"?
2. What if they attempt to use a port that is open, such as port 80?
3. I have noticed some attempts in the past that tried to connect inbound to port 80 that were blocked
But port 80 is the internet port. Is it because port 80 is used as an outbound when one surfs the net? But an inbound attempt without solicitation is a no no?
Web browsing on the Internet typically uses a server port of 80. The browser will typically use a semi-random value between 1024 and 4096 for the local port. If you have port 80 open on your machine, than you probably have a web server running on your machine.
Message Edited by reese_anschultz on 01-29-2009 04:32 PM
what I usually see on the connection log when I surf the internet is remote(server?) port 80 but local its like 2727 and they keep changing with every web page I go to. plus the log shows only outbound connection not inbound, if that makes sense
I will post a sample of what I see on the connection log when I get to taht computer as it would probably explain what I am seeing better than me trying to describe it If that is ok to do
NY1986 wrote: I will post a sample of what I see on the connection log when I get to taht computer as it would probably explain what I am seeing better than me trying to describe it If that is ok to do
here is what I see in my connection logs when fro example I log onto thesportingnews.com
Local IP address local port remote IP address remote port
My address 49275 206.16.246.188 http(80)
so I guess I misunderstood and thought that port 80 is open on my computer, but I guess its not. I guess it works that my computer connects to port 80 at the other website. Am I correct?
Reese from this does it appear the I have port 80 open?
I also notice that mu unused port blocking has blocked
72.55.190.57 (80) Don't go there I think its malice.
From the log entry you mentioned, there isn't any information to indicate whether you have port 80 open or not. From your unused port blocking message, though, you don't have port 80 open since the firewall thinks that it's 'unused'.
I have Norton Internet Security 2010 installed on 2 laptops in my home. They are both running Windows Vista 32-bit. In the Norton History on one of them, it is constantly coming up with, “Unused port blocking has blocked communications. Inbound TCP connection from 192.168.1.103, local service Port www-http(80).” The port randomly changes to many different ports, not just 80 (for example, 81, 515, 2191, 443, and 9100. The IP address it is pointing out is the other laptop. I have performed a full system scan on both computers, and neither has come up with anything. What could be causing this? What should I do? Are either of my computers at risk of something?
If you have sharing set up on the computers, or if your internet connection is set up as a slave through the main computer, you will see traffic back and forth. This will depend on your Windows settings when you set up your home group. You have not allowed this kind of contact between them in Norton, so it is blocked.
Thank you for the welcome, I’m happy to have a great community willing to help! I’m happy that NIS is doing its job on computer A, the only thing I’m worried about is why computer B is attempting to access computer A, and what it could mean for anything else on my network. My internet comes from a wireless router, hooked directly to my satellite modem (HughesNet satellite ISP), so the connection isn’t shared from one computer to another. Do you think that whatever is causing computer B to connect to computer A may also cause it to attempt any other items on the network (gaming consoles, perhaps another computer if a family member brings one over, etc.), and if so, does anyone have any good ideas about where to keep looking on computer B for the problem? What has me worried is that it’s only the one way. In other words, computer B isn’t logging any blocks like it, so I’m not sure that it’s a Windows/networking issue. That’s why I am interested in digging a little deeper into it.
squirrel_why, it does look like there is program on computer B that is performing reconnaissance on computer A. It appears to be looking for some standard ports (80 for http, 443 for https). You may run netstat with the -b option to see what executables on computer B have network connections (I vaguely recall that this might be slightly different on Vista though.) You could also create a NIS system rule on computer B to simply monitor and log all connection attempts to computer A and that should show you determine which process is performing the activity.
Thank you for your help, that did the trick. I ran netstat, found which program was attempting the connections and got rid of it. The NIS history log hasn’t shown a single attempt since.