0

my problem is that literally every minute i get a pop-up in the bottom right hand corner of my screen saying 'an intrusion attempt has been blocked.' So i click it to find out more and i click 'show details' and it says the intruder is 255.255.255.255 and under source IP address it says '255.255.255.255.This IP address is invalid.' It also says that the destination IP address is 'YOUR-JSAHFDNCU3(84.13.89.247).' Which is me (my computer name and IP address at that time). What is causing this to happen EVERY SINGLE MINUTE? Please help, Thank you.

2
Contributors
1
Reply
2
Views
11 Years
Discussion Span
Last Post by Rueful Rogue
0

Try this:

Document ID:2002110514573236
Last Modified:09/01/2004


Alert: "NIS (or NPF) has detected...Invalid Source IP Address . . ." after installation

Situation:
After you install Norton Internet Security (NIS) or Norton Personal Firewall (NPF), you see the following security alert every few minutes:

"NIS (or NPF) has detected and blocked an intrusion attempt.
Intrusion: Invalid Source IP Address
Intruder: 255.255.255.255"

Solution:
This alert indicates that someone may be attempting to attack your computer. Because the message indicates that the attempt was blocked, the attack was not successful.

In some cases, however, it appears that the packets might be from your Internet Service Provider (ISP). If so, then the packet is unlikely to be an attack on your computer, and you can prevent the alerts by disabling the signature of these packets.

To disable the signature:

  1. Open NIS or NPF.
  2. Click Intrusion Detection.
  3. Click Configure. You see the Intrusion Detection dialog box.
  4. Click Signatures. You see the Signatures Exclusions dialog box.
  5. Find and click the signature "Invalid Source IP Address" in the list of signatures.
  6. Click Exclude. NIS or NPF now adds this signature to the list of excluded signatures in the box on the right.

After you follow this procedure, NIS and NPF no longer display "Invalid Source IP Address" alerts.

Why this indicates a possible attack
The alert indicates that someone is sending packet in which the source IP address is invalid. For instance, in the case of the IP address of 255.255.255.255, the IP address is an administrative number, and not an IP address that is assigned to specific computers. This means that the person sending this packet may be attempting to hide the real source of the packet. It is inappropriate for someone to send such a packet. In specific situations, such a packet could be seen as an attack.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.