Norton Internet Security User message

Pretty stupid advice if that is all you are provided with. Normally you block all inbound originated attempts for normal everyday usage.

You can clickup a CMD termainal and do a nslookup ip_addy to see where it originates from.

If you have a port number you can look here for what malware likes to use the port.

formatting link
formatting link

Reply to
Bit Twister
Loading thread data ...

Hi - sorry if this is a really stupid question....

I have: Win XP Pro (not SP2 as it made my machine grind to a halt, but I download all other Windows updates / patches as and when they are released) Norton Internet Security 2005 Lavasoft Ad-aware (free version) Spybot Microsoft AntiSpyware beta - all of the above regularly updated and full system scan run

2 mbps ADSL connection (BT)

Over the last few days, I have been getting pop-up messages from Norton IS along the lines of: "A remote system is attempting to access your computer"

Details show: "Protocol: UDP (Inbound)" ""

The dialog box gives me the choice of permitting / blocking this attempt, and as this is identified as "medium-risk" and as Norton's recommendation is "Permit", I have been permitting this

However, although I know that there might be "benign" reasons why other computers should be contacting mine, I'm a little uneasy,as this is a new message I hadn't previously been getting...

My question is this - Am I safe to just click OK to "Permit (recommended)" every time this message comes up, or should I be blocking this? - I'm not even sure what it is (I'm not a techie type!) Does it depend on the IP address shown in the dialog? is there any way I could tell what computer this address belonged to, and therefore whether or not I was happy for it be accessing my local machine?

Many thanks in advance for taking the time to read this and for any advice information you may have

Adam, UK

Reply to

It doesn't show you the port number? If so, it's rather worthless information.

The most common causes for UDP traffic these days are DNS traffic (which your firewall normally would allow) and P2P file sharing traffic using the Kademlia protocol. Oh, and a few hacking attempts and online games, but those are very infrequent compared to the above two.

Well, it depends on who *controls* that IP address, but also what they try to connect to. There's a lot of difference between legal DNS traffic, probing for Kademlia p2p clients, and hacking attempts.

The last time I checked, Norton Internet Security put a "Learn More" clickable link on their requester, which would lead you to a web page that gave you lots of information about the possible attacker, including plotting it on a geographical map.

Reply to
Arthur Hagen Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.