Hi all
The problem I have is this: every few hours, one of the computers (any one, not a particular one) will have a partial failure of internet service- I can't browse the web but email, skype and FTP still work. After
30 minutes the problem rights itself. The other computers in the network don't usually experience this problem in the same time (i.e. they are fine except the one that does't work). I thought my router has a hardware problem but then I noticed that every time the problem happens, just before it my NIS 2003 reports a "portscan" of 192.168.1.1 (domain 53-> this means port 53, I gather). I have a 3COM router and win2k home network of PC's.Apparently it is because the NIS2003 autoblocks the 192.168.1.1 for 30 minutes after each 'attack'. I can only assume that this is some kind of periodic DNS ping by the system.
With the aid of this useful site,
If I set 192.168.1.1 to be a trusted address, doesn't that mean that attacks could originate from there?
I can set it to allow only port 53 from 192.168.1.1, but is this DNS request TCP,UDP, both or ICMP?
What would be the least security vulnerable solution?
Thanks...!
(..) Below is additional configuration info.
I have tried to have the PC's configured statically (with DNS servers) as well as DHCP automatic config, it doesn't imrove the issue. If I disable NIS 2003 and then immediately enable it, internet service resumes... I scanne all open ports with a web security site and it reports that only port 113 is closed (the rest are stealthed).
NIS (Norton internet security) 2003. All PC's in the network have Win2k, SP5 IE6 SP1, and NIS 2003 with all of the updates. L2TP Cable internet is through 3Com wireless Officeconnect 3CRWE554G72T router.