Norton Firewall/NIS message about incoming UDP connection
From: Bill Evans (WHEvansIII-hatesspam_at_NOSPAMcharter.net)
Date: 11/29/04
- Next message: Chadman: "Re: msn home pages doesn't display the macromedia clip"
- Previous message: AdL: "Windows Firewall is off, but still receiving RPC error when running GPMC RSoP"
- Next in thread: Carey Frisch [MVP]: "Re: Norton Firewall/NIS message about incoming UDP connection"
- Reply: Carey Frisch [MVP]: "Re: Norton Firewall/NIS message about incoming UDP connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 08:03:22 -0600
The firewall in Norton Internet Security 2004 has given me this message ten
times in the past two hours:
----
A remote system is attempting to access Microsoft Generic Host Process for
Win32 Services on your computer.
----
The last incoming IP is 169.254.205.18, but it's not the same IP each time.
Interestingly, IP's in the 169.254.x.y range are passed out by Windows when
you tell it to use DHCP to get an address and there is no DHCP server, but
the other IP's were not in that range nor in the 192.168.x.y range, but I
digress....
I've searched the internet, and found several message boards that offer tech
help where people were told "Don't worry about it, allow it.".
Also NIS itself suggests that I allow it.
I've been denying it each time because it's INCOMING, it wasn't coming in
yesterday, I don't know what it is or why it might be trying to send me UDP
packets, and I don't think it has my best interests in mind. ;-)
So now I have some questions:
1) What is it, and why did it all of the sudden start picking on me? Of
course I suspect it's a worm looking for an open socket.
2) Why is NIS suggesting I allow it?
3) How is a remote IP able to reach me through my LinkSys router? Here is
my current IP info:
-----
Windows IP Configuration
Ethernet adapter Internet Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::2e0:4cff:fe00:1211%4
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%5
Default Gateway . . . . . . . . . :
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.100%2
Default Gateway . . . . . . . . . :
-----
At first I couldn't think of any changes I've made to bring this on, but now
I remember that I did install all of the Windows XP components listed under
"Networking Services" (UPnP UI, Simple TCP/IP services, etc.) last night.
Is that what's causing this? Also is that why I have these funky IP's
listed under IPConfig <above> that I've never seen before?
--
bill evans
WHEvansIIINO@SPAMcharter.net
Hartselle, AL
Freeman Dyson: "It's best not to limit our thinking. We can always
air-condition the Earth."
- Next message: Chadman: "Re: msn home pages doesn't display the macromedia clip"
- Previous message: AdL: "Windows Firewall is off, but still receiving RPC error when running GPMC RSoP"
- Next in thread: Carey Frisch [MVP]: "Re: Norton Firewall/NIS message about incoming UDP connection"
- Reply: Carey Frisch [MVP]: "Re: Norton Firewall/NIS message about incoming UDP connection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
