jellybeans27

join:2005-10-28

Norton Internet Security Problem!

My problem is that literally every minute I get a pop-up in the bottom right-hand corner of my screen saying 'an intrusion attempt has been blocked.' So I click it to find out more and I click 'show details' and it says the intruder is 255.255.255.255 and under source IP address it says '255.255.255.255.This IP address is invalid.' It also says that the destination IP address is 'YOUR-JSAHFDNCU3(84.13.89.247).' Which is me (my computer name and IP address at that time). What is causing this to happen EVERY SINGLE MINUTE? Please help. Thank you.


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA
Can you copy and paste the whole message from the NIS firewall event log?

It sort of sounds like something that someone else saw a few days back.
--
Regards, Joseph V. Morris

B
Premium,MVM
join:2000-10-28
reply to jellybeans27

Reboot.

And I suggest you get a router.

-- B
--
In a realm outside causality and function


ranschultz
Premium
join:2004-05-28
Canyon Country, CA
reply to jvmorris
As Mr. Morris suggests, a detailed log entry would be appreciated. Short of, or, in addition to that, can you provide the full text of the show details? It would be helpful to know what kind of intrusion is being attempted.


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to jellybeans27
Okay, found the earlier thread. It's at »NIS2006 .

Did it look like this? (Probably not, I see that's an outbound attempt and it sounds like you're talking about an inbound attempt.)
--
Regards, Joseph V. Morris

jellybeans27

join:2005-10-28

Here's an example from my activity log:

Details: Intrusion: Invalid Source IP Address.
Intruder: 255.255.255.255.
Risk Level: Medium.
Source IP address: 255.255.255.255.This IP address is invalid.
Destination IP address: YOUR-JSAHFDNCU3(84.13.89.247).
Protocol: ICMP.


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA
Looks like it's coming from NIS' IDS subsystem, rather than the firewall. Pity it doesn't give more details about the ICMP message involved.

Maybe Reese can shed some light on this.
--
Regards, Joseph V. Morris


ranschultz
Premium
join:2004-05-28
Canyon Country, CA
·Vonage


1 edit
reply to jellybeans27
This appears to be a smurf type of attack. Somebody on your local segment is sending this packet with the intent of using your machine to amplify the attack and cause a denial of service to your segment or some machine on your segment.

To figure out who it is you'd have to use a packet sniffer to get the ethernet address associated with the offending packet and associate that with an Internet address. Reporting the ethernet address alone to your ISP should be sufficient to track this person down.

Edit: fixed a bone-headed wording mistake.

jellybeans27

join:2005-10-28
Which 'packet sniffer' do you recommend?

jellybeans27

join:2005-10-28
reply to jellybeans27
Also, how do I use a packet sniffer? How do I get the 'ethernet address'?


ranschultz
Premium
join:2004-05-28
Canyon Country, CA
·Vonage

Ethereal is a popular open source packet sniffer for Windows. The ethernet address (aka MAC or NIC address) will appear in every packet that it tracks. A user's guide is available to give you guidance on using it.
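
An added example, not part of the post above or of Ethereal itself: a minimal Python decoder for the Ethernet/IPv4/ICMP headers a sniffer displays, which tallies the source MAC of every ICMP frame whose source IP is broadcast or multicast. The frames, MAC addresses, 192.0.2.10 and the ICMP type are constructed sample data; only 255.255.255.255 and 84.13.89.247 come from the log earlier in the thread.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

BROADCAST = IPv4Address("255.255.255.255")

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Decode Ethernet II / IPv4 / ICMP headers; None for anything else."""
    if len(frame) < 14:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None                       # not IPv4
    ihl = (ip[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(ip) < ihl + 2 or ip[9] != 1:
        return None                       # malformed, or not ICMP (protocol 1)
    src_ip, dst_ip = IPv4Address(ip[12:16]), IPv4Address(ip[16:20])
    return {
        "src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac),
        "src_ip": str(src_ip), "dst_ip": str(dst_ip),
        "icmp_type": ip[ihl], "icmp_code": ip[ihl + 1],
        "invalid_source": src_ip == BROADCAST or src_ip.is_multicast,
    }

def senders_of_invalid_sources(frames):
    """Count ICMP frames with a broadcast/multicast source IP, per source MAC."""
    hits = Counter()
    for frame in frames:
        info = parse_frame(frame)
        if info and info["invalid_source"]:
            hits[info["src_mac"]] += 1
    return hits

def build_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type=8):
    """Constructed test frame; checksums are left at zero (not verified here)."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + bytes([icmp_type, 0, 0, 0, 0, 0, 0, 0])

# Constructed sample capture: the MACs and 192.0.2.10 are made up.
SAMPLE_FRAMES = [
    build_frame("0200000000aa", "020000000001", "255.255.255.255", "84.13.89.247"),
    build_frame("0200000000bb", "020000000001", "192.0.2.10", "84.13.89.247"),
    build_frame("0200000000aa", "020000000001", "255.255.255.255", "84.13.89.247"),
]
```

The source MAC on a frame identifies only the device that put it on the local segment; if the packet was routed to you, that device is the upstream gateway rather than the originating host.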

jellybeans27

join:2005-10-28
Thank you. I have downloaded 'ethereal' and I have installed it... what do I do now to 'track' the packet(s)? Thanks so much for help


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

All ethereal is going to do is give you a capability to capture the packets; you still have to enable it and I believe what that involves is described (in excruciating detail) in the accompanying documentation.

Mind, I've never done this myself, so yes I'm talking off the top of me head.
--
Regards, Joseph V. Morris


SamN

@ifl.net
reply to B
what will buying a router do?


Red Dragon
Imagine BBR in 20 years

join:2005-04-30
Scarsdale, NY
·Verizon FIOS

said by SamN :

what will buying a router do?
It would stop that mess from appearing on his computer. The packets would be blocked at the router. Ever hear of NAT?
--
That light that you see at the end of the tunnel. You know that really bright one; well, it's not salvation. It's the 6 o'clock freight train

B
Premium,MVM
join:2000-10-28

reply to SamN
For more than you could want to know, check the Router section of the FAQ at »Security

In brief, the original poster appears to have a public IP address. A layer of NAT routing between him or her and the Internet is a valuable (and one might argue essential) safety measure. (With a private IP address, unsolicited inbound packets get no further than your router.)

-- B
--
In a realm outside causality and function

jellybeans27

join:2005-10-28
I can't understand the help section of ethereal. I don't know how to use it. Can someone help me please? Thanks.

B
Premium,MVM
join:2000-10-28


I'm afraid you're going to have to either hire someone or find a friendly neighborhood geek to help you. It's just about impossible to properly train you quickly via a web forum. It's really up to you to read and research (and experiment!) until you understand.

But really, I'm not sure you have a problem worth putting all that time into.

What I mean is, a strange packet every minute is not a big deal; again I suggest you get a router. My suspicion is simply that your firewall is screwy; you could uninstall / reinstall NIS and/or try a different firewall product.

-- B
--
In a realm outside causality and function


Red Dragon
Imagine BBR in 20 years

join:2005-04-30
Scarsdale, NY
·Verizon FIOS

I also just remembered something about NIS. This should not be occurring every minute or so. Under default settings NIS will auto block IPs that make an intrusion attempt. Unless auto block is disabled or set to a bizarrely low ban time, this should not be occurring. Also 255.255.255 and IPs like that remind me of subnet masks. Kind of makes sense since it is pointing back to your own computer as the attacker. You could also try the Windows repair function for your net connection to see if that helps.
--
That light that you see at the end of the tunnel. You know that really bright one; well, it's not salvation. It's the 6 o'clock freight train
over 10 years online! © 1999-2009 dslreports.com.