DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Windows Software (http://www.daniweb.com/forums/forum92.html)
-   -   problem with intrusion detection on norton internet security 2005 (http://www.daniweb.com/forums/thread35452.html)

jellybeans27 Nov 15th, 2005 2:49 pm
problem with intrusion detection on norton internet security 2005
 
my problem is that literally every minute i get a pop-up in the bottom right hand corner of my screen saying 'an intrusion attempt has been blocked.' So i click it to find out more and i click 'show details' and it says the intruder is 255.255.255.255 and under source IP address it says '255.255.255.255.This IP address is invalid.' It also says that the destination IP address is 'YOUR-JSAHFDNCU3(84.13.89.247).' Which is me (my computer name and IP address at that time). What is causing this to happen EVERY SINGLE MINUTE? Please help, Thank you.

Rueful Rogue Nov 15th, 2005 5:32 pm
Re: problem with intrusion detection on norton internet security 2005
 
Try this:

Document ID:2002110514573236
Last Modified:09/01/2004


Alert: "NIS (or NPF) has detected...Invalid Source IP Address . . ." after installation



Situation:
After you install Norton Internet Security (NIS) or Norton Personal Firewall (NPF), you see the following security alert every few minutes:

"NIS (or NPF) has detected and blocked an intrusion attempt.
Intrusion: Invalid Source IP Address
Intruder: 255.255.255.255"

Solution:
This alert indicates that someone may be attempting to attack your computer. Because the message indicates that the attempt was blocked, the attack was not successful.

In some cases, however, it appears that the packets might be from your Internet Service Provider (ISP). If so, then the packet is unlikely to be an attack on your computer, and you can prevent the alerts by disabling the signature of these packets.

To disable the signature:
  1. Open NIS or NPF.
  2. Click Intrusion Detection.
  3. Click Configure. You see the Intrusion Detection dialog box.
  4. Click Signatures. You see the Signatures Exclusions dialog box.
  5. Find and click the signature "Invalid Source IP Address" in the list of signatures.
  6. Click Exclude. NIS or NPF now adds this signature to the list of excluded signatures in the box on the right.
After you follow this procedure, NIS and NPF no longer display "Invalid Source IP Address" alerts.

Why this indicates a possible attack
The alert indicates that someone is sending packet in which the source IP address is invalid. For instance, in the case of the IP address of 255.255.255.255, the IP address is an administrative number, and not an IP address that is assigned to specific computers. This means that the person sending this packet may be attempting to hide the real source of the packet. It is inappropriate for someone to send such a packet. In specific situations, such a packet could be seen as an attack.


All times are GMT -4. The time now is 2:42 pm.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC