Posted by Tam on September 3, 2007, 12:43 pm
I have a Netgear DG834 v2 adsl modem/router.
It works well.
My question is why would my local norton firewall report that the
router portscanned me? The report says that network traffic from the
netgear matches the signature of a known attack.
Attacking Computer : 192.168.0.1, 53
Action Taken : Block
Destination Address : 192.168.0.2, 55841
Traffic Description : UDP, 53
Am I right in guessing that the, e.g. 53, is a port? And isn't port 53
used for DNS? What is the netgear doing and should I be worried?
Thanks for any light shed on this.
Posted by Kris on September 3, 2007, 1:01 pm
Tam writes:
> My question is why would my local norton firewall report that the
> router portscanned me? The report says that network traffic from the
> netgear matches the signature of a known attack.
>
> Attacking Computer : 192.168.0.1, 53
> Action Taken : Block
> Destination Address : 192.168.0.2, 55841
> Traffic Description : UDP, 53
>
> Am I right in guessing that the, e.g. 53, is a port? And isn't port 53
> used for DNS? What is the netgear doing and should I be worried?
>
> Thanks for any light shed on this.
Your PC sent a DNS request to the router. The router sent back a reply.
It is normal.
PS. Norton often - specifically, stuff designed for home users - often
causes problems. For 99% of people who don't need/want to monitor or
block outgoing data, the in-built Windows (XP SP2/Vista) firewall works
fine. A firewall isn't usually necessary if you are behind a NAT router,
as it likely has its own firewall.
Posted by Tam on September 3, 2007, 1:42 pm
> Your PC sent a DNS request to the router. The router sent back a reply.
> It is normal.
>
> PS. Norton often - specifically, stuff designed for home users - often
> causes problems. For 99% of people who don't need/want to monitor or
> block outgoing data, the in-built Windows (XP SP2/Vista) firewall works
> fine. A firewall isn't usually necessary if you are behind a NAT router,
> as it likely has its own firewall.
From the little I know of firewalls... if my computer *had* sent a
request to the router then it would of course pass through norton
firewall. In that case the firewall should 'remember' that the request
was sent and handle the reply when it comes. It is stored in the state
table huh?
Which would make the communication the Norton reported as totally
unsolicited? Am I off the mark here?
Also... I do like to run a local firewall in addition to the firewall
built into the router. It's handy for monitoring what is going out and
will alert me to x y and z program trying to access the net which is
handy indeed for programs/spyware that is communicating with the
outside world (or, attempting to... off with its head :))
Posted by Moe Trin on September 3, 2007, 9:48 pm
On Mon, 03 Sep 2007, in the Usenet newsgroup comp.security.firewalls, in article
>> Your PC sent a DNS request to the router. The router sent back a reply.
>> It is normal.
Almost correct. The PC sent a DNS request. The router isn't a full
source of information about everything in the world, and has to pass
the request along to others. This takes time. Norton figured after a
second or two that it wasn't going to get an answer, and marked that
connection attempt as dead. When the router finally did get an answer
and responded, Norton had forgotten that it had asked, and wanting to
impress the O/P, announced that it has BLOCKED AN ATTACK!!!
>> PS. Norton often - specifically, stuff designed for home users - often
>> causes problems.
This is mainly because Norton was set in the most paranoid mode. The
world isn't as simple as the paranoid mode requires, and Norton winds
up looking like the "boy who cried wolf".
>> A firewall isn't usually necessary if you are behind a NAT router,
>> as it likely has its own firewall.
Agreed, but how is Norton supposed to sell crap if that were the case?
>From the little I know of firewalls... if my computer *had* sent a
>request to the router then it would of course pass through norton
>firewall. In that case the firewall should 'remember' that the request
>was sent and handle the reply when it comes. It is stored in the state
>table huh?
Yes, but only for a limited time. Whoever configured the firewall
set the time too short. You could file a bug report with Norton, and
maybe they'll look into correcting the problem. (I doubt it, as this
problem has been going on for years - you need only use the search
engine you are posting from as a search engine.)
Web Results 1 - 10 of about 226,000 for Norton blocked attack 53 UDP.
(0.12 seconds)
>Which would make the communication the Norton reported as totally
>unsolicited? Am I off the mark here?
No, it merely means that Norton has been configured to forget things
that don't happen right away. If you read the RFCs (for example, section
5.1 of RFC1034), you might find that a DNS response can literally take
several seconds. The industry standard nameserver (ISC BIND) is normally
set for a five second timeout. You must understand that every server
in the world isn't waiting patiently to serve only you. As of the
middle of last month, there are 82,000 networks in the world which
translates to about a quarter million name servers - do you know the
right one to ask your question? Oh, and there are about 2,533,552,588
IPv4 (the kind you are using) addresses to keep track of.
>Also... I do like to run a local firewall in addition to the firewall
>built into the router. It's handy for monitoring what is going out and
>will alert me to x y and z program trying to access the net which is
>handy indeed for programs/spyware that is communicating with the
>outside world (or, attempting to... off with its head :))
Why are you installing spyware, viruses, and other trojans? Or do you
think there is a "Malware Fairy" that flutters by, waves her magic
wand when you aren't looking, and Hey Presto, your computer is infected?
Old guy
Posted by Wolfgang Kueter on September 4, 2007, 4:35 pm
Moe Trin wrote:
> Tam wrote:
>>From the little I know of firewalls... if my computer *had* sent a
>>request to the router then it would of course pass through norton
>>firewall. In that case the firewall should 'remember' that the request
>>was sent and handle the reply when it comes. It is stored in the state
>>table huh?
>
> Yes, but only for a limited time. Whoever configured the firewall
> set the time too short.
Though I regard Norton as complete and useless crap I do admit that finding
acceptable timeout values for UDP answer packets is a bit of a problem
for any stateful packet filter implementation because UDP is a
stateless protocol. TCP connections are easier to handle for a filter
because of flags and sequence numbers.
Wolfgang
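A minimal model of the UDP state-table behaviour discussed in the last two replies, added here as an illustration; it is not code from any poster and does not reproduce Norton's implementation. The addresses and ports are the ones in the original report, while the 2-second and 30-second timeouts and the 4-second reply delay are assumed values.

```python
from dataclasses import dataclass, field


@dataclass
class UdpStateTable:
    """Toy stateful filter: outbound UDP creates an entry, inbound must match one."""
    timeout: float                       # seconds an idle entry is kept (assumed value)
    entries: dict = field(default_factory=dict)

    def outbound(self, now, src, sport, dst, dport):
        # Record the flow so the reply can be recognised later.
        self.entries[(src, sport, dst, dport)] = now

    def inbound(self, now, src, sport, dst, dport):
        # A reply is the recorded flow with source and destination swapped.
        key = (dst, dport, src, sport)
        seen = self.entries.get(key)
        if seen is None:
            return "BLOCK: no matching request"
        if now - seen > self.timeout:
            # Entry aged out before the reply arrived. A filter that purges
            # expired entries on a timer cannot tell this from the case above.
            del self.entries[key]
            return "BLOCK: state expired"
        self.entries[key] = now          # refresh the idle timer
        return "ALLOW"


def replay(timeout, reply_delay):
    """One DNS query from the PC; the router's reply arrives reply_delay seconds later."""
    fw = UdpStateTable(timeout)
    pc, router = "192.168.0.2", "192.168.0.1"   # addresses from the Norton report
    fw.outbound(0.0, pc, 55841, router, 53)
    return fw.inbound(reply_delay, router, 53, pc, 55841)


if __name__ == "__main__":
    # Constructed timing: the router needs 4 s to obtain an answer upstream.
    for timeout in (2.0, 30.0):
        print(f"timeout={timeout:>4}s, reply after 4s ->", replay(timeout, 4.0))
```

When triaging an alert like the one in the first post, the useful check is whether the blocked packet's source port 53 and destination port pair up with a query the host sent a few seconds earlier.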