Spyware, Viruses, & Security forum

General discussion

HELP!!! Keep getting Norton High Alert - TCP Inbound

by ruffles2 / February 18, 2005 7:49 AM PST

Hi everyone!

Hope someone out there can help me? I keep getting this annoying High Alert - Program Control pop-up from Norton saying: Remote System attempting to access your computer
TCP (Inbound)
Remote Address: (different numbers all the time)
Local Address: same
Location: Default

This VERY annoying pop-up keeps on like 12 times or more and I have to keep checking off the "Always use this Action" box and clicking "OK" to "Block".

I don't even know what it is or why it does that. Some tech guy at AOL told me he himself "Permitted" it, but I'm not sure I should do that!!

It's driving me nuts! Please Help! Thanks in advance.
Suzi

You should run a scan
by Donna Buenaventura / February 18, 2005 4:42 PM PST

Hi Suzi,

Scan the system using Norton. Full system scan. Make sure it is up-to-date.
Also scan using an online scanner to make sure that nothing slipped in or was missed - http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php

As for the program alert, see http://service1.symantec.com/SUPPORT/sunset-c2002kb.nsf/672c231f89ff479085256ee600556cc3/6ba3a51a248b934c85256ede00518da3?OpenDocument&src=bar_sch_nam and related links in that page.

What version of Norton do you use? What is your Operating system?

You might want to check your system for open ports too. Go to GRC ShieldsUp - http://www.grc.com/

Is it a microsoft/symantec clash problem?
by ash2020 / February 19, 2005 6:44 AM PST

Hi, Suzi.

No help, but a question.

I'm suffering from the same highly annoying problem and am trying to track down the rogue "remote system" within my computer. I was wondering did your problem start either soon after you ran the Symantec Live Update or soon after you installed the February Windows Security Updates?

I have a hunch that the problem (or at least my version of the problem) is originating with Windows Messenger or a Microsoft .NET update.

Is this the case with you too?

XP (SP1)
NIS 2004

HELP!!! Keep getting Norton High Alert - TCP Inbound
by ruffles2 / February 20, 2005 4:25 AM PST

Hi there...
In answer to your 1st question, no not really... I have XP but didn't make my SP1 or 2 updates yet. I intend to do my SP2 update within the week. I also have, like you, NIS 2004.

The problem started actually, when I tried to benefit with Sympatico's 3 free months, about a week ago, and couldn't send email at all, after talking with about 4 different tech guys at Sympatico, tried everything they told me but never worked, so I cancelled with them and went with AOL. The darn Alerts kept coming like 20 or more at a time since then, and I'm almost ready to punch a hole in a wall as it is!!! I even called Future Shop and Staples to try and talk to a tech guy, but couldn't get much help there (I guess they figure you should pay them for that??)... Can't seem to even be able to contact by email Symantec to ask them... There is always a different Remote Address number with that TCP (Inbound) each time a new Alert comes around...

Now, today, I've started having other types of Alerts:

ICMP (Inbound) High Risk
Remote Address: 172.148.182.249: Echo Request (8)
Local Address: mine
Location: Default

and,

Portscan Intrusion
Intruder: 85.68.154.198 (3427)
Protocol: TCP
Attacked IP: mine
Attacked Port: one of my ports

The info on Visual Tracker only showed this intrusion to be from Burbank, CA USA with Node name: abo-198-154-68.bdx.module

When I go in details - no info available!!!

I really am going out of my mind with this sh....!!! I can't even go online without all of these Alerts constantly...

Let me know if you have same sort of things happening or know of someone, and also if some info comes about WHAT TO DO!!! before I go crazzzy!
Thanks.

is it fair to deduce that you no longer have Symantec?
by dawillie / February 20, 2005 4:29 AM PST

if so you need to completely eradicate it inclusive of Registry entries.

in my experience Norton/ Symantec is one of the hardest of software[no pun] to remove.

as far as the Echo request, it is a harmless ping.

no worries there.

what type of firewall are you behind?

david

Symantec still to date...
by ruffles2 / February 20, 2005 4:41 AM PST

Hi Dave,
Yes, still have the complete Norton Internet Security 2004 till June 2005 when it expires. Is Norton not one of best or is there AntiVirus software better out there? As for Firewall, it's still with NIS and also on AOL which comes free with them...

Like mentioned in previous reply to "ash2020" - I keep getting different Remote Address numbers... If I should Permit all of these one by one... what would happen? Would I be allowing something dangerous for my PC? I'm afraid to do that!

Suzi

please let us know more detail
by dawillie / February 20, 2005 8:14 AM PST
'Portscan Intrusion
Intruder: 85.68.154.198 (3427)
Protocol: TCP
Attacked IP: mine
Attacked Port: one of my ports'


'one of my ports'

there are something like 66000 ports.

your statement above does not help us determine if there is a problem.

the other description of ICMP Echo Request[8] tells me that it is a common occurrence and not high risk.

please provide as much detail as you can so we can analyze this and come up with some answers.

feeding incomplete information piecemeal does not help.
Maybe NOT microsoft/symantec clash!
by ash2020 / February 20, 2005 9:58 AM PST

I thought my downloads of Symantec Live Update and Windows Security Updates (esp. Windows Messenger) had caused the problem BUT, like you, I have just subscribed to a broadband provider.

Maybe that is the problem: either we don't have Norton set up to allow the provider's system to frequently check the connection (from my recent reading on the matter, I understand that ISPs do this?) OR by being hooked up to broadband, our world just got more dangerous and we are being probed by hackers/worms/viruses/whatever.

CAN ANYONE OUT THERE HELP US TO IDENTIFY THE SOURCE OF THESE ALERTS?

Is it...

An internal software conflict? E.g. Messenger vs. Norton

A firewall rules setting problem? I.e. Norton needs to be tinkered with so that it plays nicely with our ISP

Or are we under genuine (constant!) attack? (Yikes)

Any help GREATLY appreciated because as Ruffles2 says, this problem drives you mad very quickly.

suspect this is what is known as a loop back rule.
by dawillie / February 19, 2005 7:18 AM PST

however since you have not indicated the local address or port it is at best an educated guess.

loop back occurs when your ISP sends a 'packet' to your PC to test the speed of delivery of information from it to your PC. this should be allowed and a rule will then be created in your Firewall configuration and you will not get this message again.

absent information from you as to local IP address and Ports, this is at best, a possible reason.

HELP!!! Keep getting Norton High Alert - TCP Inbound
by ruffles2 / February 20, 2005 4:32 AM PST

Hi,
When I get these High Alerts from NIS 2004 (XP - no SP1 or 2 yet)... the TCP (Inbound) alert always has a different Remote Address... the Local Address is mine, I suppose... since it has my local address numbers indicated...

Please see more info in reply I made to "ash20" previously...today. Maybe more details there to try and help me know what the problem is!

Thanks.

(NT) posted a response there as well.....
by dawillie / February 20, 2005 6:20 AM PST
...and the answer is.......!
by ash2020 / February 22, 2005 5:42 AM PST

Well, my problem is solved.

In my case it was that (like Ruffles2) I have just got a new broadband connection and so, compared to before when my laptop was safely hidden behind a router in my office LAN, I am now exposed to huge numbers of infected zombie computers scanning for unprotected victims to infect. All of those alerts are from genuine attacks/scans (!). All we need to do is simply turn off the cripplingly frequent alerts and let Norton QUIETLY do its work of blocking them in the background.

To do this:

Go to Firewall-Custom-"Alert When Unused Ports Are Accessed" and uncheck it.

Norton still keeps blocking the scan/attacks (this can be confirmed by checking the "Firewall" section of the Norton Activity Log against the content of the alerts both before and after you switch off the "Alert When Unused Ports Are Accessed" function)

Hope this helps.

Whatever, I am certainly feeling a lot calmer now!
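
As an added example (not part of the original thread, and not Norton's own tooling): a short Python script that tallies alerts like the ones pasted above by type and remote address, so one-off probes from many addresses can be told apart from a single address that keeps coming back. The alert text layout is assumed from the posts; the sample alerts, addresses and port are constructed.

```python
import re
from collections import Counter

# Constructed sample alerts in the layout pasted in this thread (documentation-range IPs).
SAMPLE = """\
TCP (Inbound)
Remote Address: 192.0.2.10
Local Address: 203.0.113.5
Location: Default

ICMP (Inbound) High Risk
Remote Address: 198.51.100.23: Echo Request (8)
Local Address: 203.0.113.5
Location: Default

Portscan Intrusion
Intruder: 192.0.2.10 (3427)
Protocol: TCP
Attacked IP: 203.0.113.5
Attacked Port: 139
"""
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

# Map an alert's title line to a coarse category.
def classify(title, source_field):
    if "Portscan" in title:
        return "portscan"
    if title.startswith("ICMP") and "Echo Request" in source_field:
        return "ping"
    return "tcp-inbound" if title.startswith("TCP") else "other"

# Split blank-line-separated alert blocks into {kind, source} records.
def parse_alerts(text):
    alerts = []
    for block in filter(None, re.split(r"\n\s*\n", text.strip())):
        lines = [ln.strip() for ln in block.splitlines()]
        fields = dict(ln.split(":", 1) for ln in lines[1:] if ":" in ln)
        raw = fields.get("Remote Address") or fields.get("Intruder") or ""
        m = IPV4.search(raw)
        alerts.append({"kind": classify(lines[0], raw), "source": m.group(0) if m else None})
    return alerts

# Tally alerts per kind and list sources seen at least repeat_threshold times.
def summarize(alerts, repeat_threshold=2):
    per_source = Counter(a["source"] for a in alerts if a["source"])
    repeats = sorted(s for s, n in per_source.items() if n >= repeat_threshold)
    return {"by_kind": dict(Counter(a["kind"] for a in alerts)),
            "distinct_sources": len(per_source), "repeat_sources": repeats}

print(summarize(parse_alerts(SAMPLE)))
```

Run over alert text captured before and after the alert pop-ups are switched off, the same tallies give a quick comparison of what the firewall is still recording.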

....and the Answer is.......!
by ash2020 / February 22, 2005 5:49 AM PST

Norton Alert Remote system attempting access computer



"Well, my problem is solved.

In my case it was that (like Ruffles2) I have just got a new broadband connection and so, compared to before when my laptop was safely hidden behind a router in my office LAN, I am now exposed to huge numbers of infected zombie computers scanning for unprotected victims to infect. All of those alerts are from genuine attacks/scans (!). All we need to do is simply turn off the cripplingly frequent alerts and let Norton QUIETLY do its work of blocking them in the background.

To do this:

Go to Firewall-Custom-"Alert When Unused Ports Are Accessed" and uncheck it.

Norton still keeps blocking the scan/attacks (this can be confirmed by checking the "Firewall" section of the Norton Activity Log against the content of the alerts both before and after you switch off the "Alert When Unused Ports Are Accessed" function)

Hope this helps.

Whatever, I am certainly feeling a lot calmer now!"

(NT) Thanks for the feedback Ash2020, it is appreciated.
by roddy32 / February 22, 2005 6:01 AM PST