jellybeans27

join:2005-10-28

Norton Internet Security Problem!

My problem is that literally every minute I get a pop-up in the bottom right-hand corner of my screen saying 'an intrusion attempt has been blocked.' So I click it to find out more and I click 'show details' and it says the intruder is 255.255.255.255 and under source IP address it says '255.255.255.255.This IP address is invalid.' It also says that the destination IP address is 'YOUR-JSAHFDNCU3(84.13.89.247).' Which is me (my computer name and IP address at that time). What is causing this to happen EVERY SINGLE MINUTE? Please help, thank you.

jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Re: Norton Internet Security Problem!

Can you copy and paste the whole message from the NIS firewall event log?

It sort of sounds like something that someone else saw a few days back.
--
Regards, Joseph V. Morris

ranschultz
Premium
join:2004-05-28
Canyon Country, CA

Re: Norton Internet Security Problem!

As Mr. Morris suggests, a detailed log entry would be appreciated. Short of, or, in addition to that, can you provide the full text of the show details? It would be helpful to know what kind of intrusion is being attempted.
B
Premium,MVM
join:2000-10-28

Reboot.

And I suggest you get a router.

-- B
--
In a realm outside causality and function

SamN

@ifl.net

Re: Norton Internet Security Problem!

What will buying a router do?

Red Dragon
Imagine BBR in 20 years

join:2005-04-30
Scarsdale, NY

Re: Norton Internet Security Problem!

said by SamN :

What will buying a router do?

It would stop that mess from appearing on his computer. The packets would be blocked at the router. Ever hear of NAT?
--
That light that you see at the end of the tunnel. You know, that really bright one; well, it's not salvation. It's the 6 o'clock freight train
B
Premium,MVM
join:2000-10-28

For more than you could want to know, check the Router section of the FAQ at »Security

In brief, the original poster appears to have a public IP address. A layer of NAT routing between him or her and the Internet is a valuable (and one might argue essential) safety measure. (With a private IP address, unsolicited inbound packets get no further than your router.)

-- B
--
In a realm outside causality and function
jellybeans27

join:2005-10-28

Re: Norton Internet Security Problem!

I can't understand the help section of Ethereal. I don't know how to use it; can someone help me please? Thanks.
B
Premium,MVM
join:2000-10-28

Re: Norton Internet Security Problem!


I'm afraid you're going to have to either hire someone or find a friendly neighborhood geek to help you. It's just about impossible to properly train you quickly via a web forum. It's really up to you to read and research (and experiment!) until you understand.

But really, I'm not sure you have a problem worth putting all that time into.

What I mean is, a strange packet every minute is not a big deal; again I suggest you get a router. My suspicion is simply that your firewall is screwy; you could uninstall / reinstall NIS and/or try a different firewall product.

-- B
--
In a realm outside causality and function

Red Dragon
Imagine BBR in 20 years

join:2005-04-30
Scarsdale, NY

Re: Norton Internet Security Problem!

I also just remembered something about NIS. This should not be occurring every minute or so. Under default settings NIS will auto-block IPs that make an intrusion attempt. Unless auto-block is disabled or set to a bizarrely low ban time, this should not be occurring. Also, 255.255.255 and IPs like that remind me of subnet masks. Kind of makes sense since it is pointing back to your own computer as the attacker. You could also try the Windows repair function for your net connection to see if that helps.
--
That light that you see at the end of the tunnel. You know, that really bright one; well, it's not salvation. It's the 6 o'clock freight train

jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Okay, found the earlier thread. It's at »NIS2006 .

Did it look like this? (Probably not, I see that's an outbound attempt and it sounds like you're talking about an inbound attempt.)
--
Regards, Joseph V. Morris
jellybeans27

join:2005-10-28

Re: Norton Internet Security Problem!

Here's an example from my activity log:

Details: Intrusion: Invalid Source IP Address.
Intruder: 255.255.255.255.
Risk Level: Medium.
Source IP address: 255.255.255.255.This IP address is invalid.
Destination IP address: YOUR-JSAHFDNCU3(84.13.89.247).
Protocol: ICMP.

jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Re: Norton Internet Security Problem!

Looks like it's coming from NIS' IDS subsystem, rather than the firewall. Pity it doesn't give more details about the ICMP message involved.

Maybe Reese can shed some light on this.
--
Regards, Joseph V. Morris

ranschultz
Premium
join:2004-05-28
Canyon Country, CA
·Vonage


1 edit
This appears to be a smurf type of attack. Somebody on your local segment is sending this packet with the intent of using your machine to amplify the attack and cause a denial of service to your segment or some machine on your segment.

To figure out who it is you'd have to use a packet sniffer to get the ethernet address associated with the offending packet and associate that with an Internet address. Reporting the ethernet address alone to your ISP should be sufficient to track this person down.

Edit: fixed a bone-headed wording mistake.
jellybeans27

join:2005-10-28

Re: Norton Internet Security Problem!

Which 'packet sniffer' do you recommend?
jellybeans27

join:2005-10-28
Also, how do I use a packet sniffer? How do I get the 'ethernet address'?

ranschultz
Premium
join:2004-05-28
Canyon Country, CA
·Vonage

Re: Norton Internet Security Problem!

Ethereal is a popular open source packet sniffer for Windows. The ethernet address (aka MAC or NIC address) will appear in every packet that it tracks. A user's guide is available to give you guidance on using it.
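
Added example, not part of any post in this thread: Python code showing what the packet-sniffer step described above recovers from captured frames, namely the source Ethernet address and the ICMP type of every frame whose IPv4 source is 255.255.255.255. The frames, MAC addresses and 192.0.2.x addresses are constructed for illustration, and plain Ethernet II framing without VLAN tags is assumed.

```python
import struct
from collections import Counter

INVALID_SOURCES = {"255.255.255.255"}   # the source address NIS reported as invalid
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request"}

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def inspect_frame(frame):
    """Return details for an IPv4 ICMP frame with an invalid source IP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # too short or not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                # IP header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 2:    # malformed or truncated
        return None
    src, dst = _ip(ip[12:16]), _ip(ip[16:20])
    if ip[9] != 1 or src not in INVALID_SOURCES:            # protocol 1 is ICMP
        return None
    icmp_type = ip[ihl]
    return {"src_mac": _mac(frame[6:12]), "dst_mac": _mac(frame[0:6]),
            "src_ip": src, "dst_ip": dst,
            "icmp": ICMP_TYPES.get(icmp_type, f"type-{icmp_type}")}

def senders_by_mac(frames):
    """Count flagged frames per source Ethernet address."""
    return Counter(hit["src_mac"] for hit in map(inspect_frame, frames) if hit)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto=1, icmp_type=8):
    """Build a constructed test frame (checksums left as zero; not verified here)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    payload = bytes([icmp_type, 0, 0, 0, 0, 1, 0, 1])
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + iph + payload

# Constructed sample capture: locally administered MACs, documentation-range IPs.
ME = "02:00:00:00:00:01"
SAMPLE = [
    build_frame("02:00:00:00:00:aa", ME, "255.255.255.255", "192.0.2.10"),
    build_frame("02:00:00:00:00:bb", ME, "192.0.2.20", "192.0.2.10"),
    build_frame("02:00:00:00:00:aa", ME, "255.255.255.255", "192.0.2.10"),
    build_frame("02:00:00:00:00:cc", ME, "255.255.255.255", "192.0.2.10", proto=17),
]

if __name__ == "__main__":
    for mac, count in senders_by_mac(SAMPLE).items():
        print(mac, count)
```

The source MAC in a frame identifies only the last device that put it on the local segment, so for traffic arriving from another network it is the gateway's address, and it is a field the sender sets.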
jellybeans27

join:2005-10-28

Re: Norton Internet Security Problem!

Thank you. I have downloaded 'Ethereal' and I have installed it... What do I do now to 'track' the packet(s)? Thanks so much for the help.

jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

Re: Norton Internet Security Problem!

All Ethereal is going to do is give you a capability to capture the packets; you still have to enable it, and I believe what that involves is described (in excruciating detail) in the accompanying documentation.

Mind, I've never done this myself, so yes I'm talking off the top of me head.
--
Regards, Joseph V. Morris