 |  |  |  |  |  |  |  |
problem with intrusion detection on norton internet security 2005
 |
my problem is that literally every minute i get a pop-up in the bottom right hand corner of my screen saying 'an intrusion attempt has been blocked.' So i click it to find out more and i click 'show details' and it says the intruder is 255.255.255.255 and under source IP address it says '255.255.255.255.This IP address is invalid.' It also says that the destination IP address is 'YOUR-JSAHFDNCU3(84.13.89.247).' Which is me (my computer name and IP address at that time). What is causing this to happen EVERY SINGLE MINUTE? Please help, Thank you.
•
•
Join Date: Nov 2004
Posts: 218
Reputation: 
Solved Threads: 8
Retired Engineer
Try this:
Document ID:2002110514573236
Last Modified:09/01/2004
Alert: "NIS (or NPF) has detected...Invalid Source IP Address . . ." after installation
Situation:
After you install Norton Internet Security (NIS) or Norton Personal Firewall (NPF), you see the following security alert every few minutes:
"NIS (or NPF) has detected and blocked an intrusion attempt.
Intrusion: Invalid Source IP Address
Intruder: 255.255.255.255"
Solution:
This alert indicates that someone may be attempting to attack your computer. Because the message indicates that the attempt was blocked, the attack was not successful.
In some cases, however, it appears that the packets might be from your Internet Service Provider (ISP). If so, then the packet is unlikely to be an attack on your computer, and you can prevent the alerts by disabling the signature of these packets.
To disable the signature:
Why this indicates a possible attack
The alert indicates that someone is sending packet in which the source IP address is invalid. For instance, in the case of the IP address of 255.255.255.255, the IP address is an administrative number, and not an IP address that is assigned to specific computers. This means that the person sending this packet may be attempting to hide the real source of the packet. It is inappropriate for someone to send such a packet. In specific situations, such a packet could be seen as an attack.
Document ID:2002110514573236
Last Modified:09/01/2004
Alert: "NIS (or NPF) has detected...Invalid Source IP Address . . ." after installation
Situation:
After you install Norton Internet Security (NIS) or Norton Personal Firewall (NPF), you see the following security alert every few minutes:
"NIS (or NPF) has detected and blocked an intrusion attempt.
Intrusion: Invalid Source IP Address
Intruder: 255.255.255.255"
Solution:
This alert indicates that someone may be attempting to attack your computer. Because the message indicates that the attempt was blocked, the attack was not successful.
In some cases, however, it appears that the packets might be from your Internet Service Provider (ISP). If so, then the packet is unlikely to be an attack on your computer, and you can prevent the alerts by disabling the signature of these packets.
To disable the signature:
- Open NIS or NPF.
- Click Intrusion Detection.
- Click Configure. You see the Intrusion Detection dialog box.
- Click Signatures. You see the Signatures Exclusions dialog box.
- Find and click the signature "Invalid Source IP Address" in the list of signatures.
- Click Exclude. NIS or NPF now adds this signature to the list of excluded signatures in the box on the right.
Why this indicates a possible attack
The alert indicates that someone is sending packet in which the source IP address is invalid. For instance, in the case of the IP address of 255.255.255.255, the IP address is an administrative number, and not an IP address that is assigned to specific computers. This means that the person sending this packet may be attempting to hide the real source of the packet. It is inappropriate for someone to send such a packet. In specific situations, such a packet could be seen as an attack.
Rueful Rogue
|
Similar Threads
- Norton internet security screw up (Viruses, Spyware and other Nasties)
- Page cannot be displayed after removing Norton Internet Security 2003 (Networking Hardware Configuration)
- Unable To Reinstall Norton Internet Security (Viruses, Spyware and other Nasties)
- Norton Internet Security (Viruses, Spyware and other Nasties)
- Norton Internet Security - Restricted (Viruses, Spyware and other Nasties)
- Norton Internet Security (Privacy Control) (Viruses, Spyware and other Nasties)
- Slow Start-Up When Using Norton Internet Security 2002 (Windows tips 'n' tweaks)
Other Threads in the Windows Software Forum
- Previous Thread: nero burning
- Next Thread: automate question
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Windows Software Posts
- Today's Posts
- Unanswered Threads
1-time 1timeproject acquisition applications apps asp back bailout ballmer bcsm beta billgates bingvisualsearch blackberry bostock browser bugs business cisco clone cloudcomputing comptia dating developer development download dual-boot ebay economy email employment equipt excel exchange facebook freesoftware gaming google halo hdtv high ibm ie8 intel internet jobs keepass law linux lucent merger microsoft microsoftoffice mobile news nintendo office officefileformats officesuites oil openoffice opensource opensuse os outlook patent pda playready powerpoint predictions pricing redhat release rim samsung security server siliconvalley software sony student sugarlabs survey takeover technologycompanies virtualization vista vmware web wii windows windows7 windowslive xbox xbox360 xenocode yahoo yahoo! yang zoho