Re: Norton Internet Security: "A remote system is attempting to access your computer"

From: Duane Arnold (notme_at_notme.com)
Date: 08/25/04 

Date: Wed, 25 Aug 2004 10:07:59 GMT

Pixel ace wrote:

> Hi all,
>
> I shared this common problem, namely this message appearing every few
> seconds and was led here via a Jan 2004 posting on Google Groups. I think
> I have worked out what's going on with these so I thought I'd follow up.
>
> In my case it was related to Windows XP Pro running IIS. Being a web
> server, it attracts a great deal of attention, some harmless, some not so.

>
> If you don't need it, simply 'stop' it using the snap-in tool under
> Administrative Tools and this should reduce the incidences of these
> messages dramatically. Or uninstall IIS (It's a Windows Component, not a
> regular program don't forget) using the Add/Remove Programs control panel.

IIS is not installed on the XP PRO workstation by default, therefore, no one
should have to go through it.

>
> If, like me, you need IIS for development purposes but you don't need to
> allow remote computers to connect, try these steps:
>
> In the Configure personal firewall dialogue, click the programs tab.
> Microsoft Internet Information Server is probably already in the list at
> the bottom, if not you can add it using the program scan.
>
> I found the predefined rules supplied by Norton quite specialised and
> pretty ineffective so I removed them all and put three new ones in, you
> may only need two.

For me, I use IPsec to further secure IIS that's active on the XP Pro
machines a precaution measure.

http://www.analogx.com/contents/articles/ipsec.htm

>
> Click IIS in the list and then click the modify button. If you get a
> dialogue click the manual option. You need to setup 2 or 3 new rules, the
> top one being Permit incoming connections of any kind from a specific
> computer (being yours - 127.0.0.1). The next one down is optional I think,
> and it is permit all outgoing connections, useful if like me, you use IIS'
> SMTP service. The bottom one has to be block all inbound connections of
> any kind, and this is overidden by the top rule so only you can connect to
> IIS locally.
>
> Hope that helps the next poor soul.

I hope the next poor soul will not have a computer with a direct connect to
the Internet with a PFW solution trying to protect IIS on the machine.
Being a Web developer too with IIS running on two machines local and soon
to be Apache on a SUSU Linux 9.1 Pro machine, I have the common sense to
have the Web Server machines in my Web devlopement work and .Net solutions
training either behind a NAT router or a FW appliance to protect them,
which a NAT router cost as much as Norton and one doesn't have to go
through the above and is better protection too with not having the
possibility of the host based PFW solution or IIS being mis-configured in
the protection.

http://www.homenethelp.com/web/explain/about-NAT.asp

Duane :)