General discussion

HELP!!! Keep getting Norton High Alert - TCP Inbound

Hi everyone!

Hope someone out there can help me? I keep getting this annoying High Alert - Program Control pop-up from Norton saying: Remote System attempting to access your computer
TCP (Inbound)
Remote Address: (different numbers all the time)
Local Address: same
Location: Default

This VERY annoying pop-up keeps on like 12 times or more and I have to keep checking off the "Always use this Action" box and clicking "OK" to "Block".

I don't even know what it is or why it does that. Some tech guy at AOL told me he himself "Permitted" it, but I'm not sure I should do that!!

It's driving me nuts! Please Help! Thanks in advance.
Suzi

Comments
- Collapse -
You should run a scan

Hi Suzi,

Scan the system using Norton. Full system scan. Make sure it is up-to-date.
Scan also using online scanner to make sure that nothing slips in or missed - http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php

As for the program alert, see http://service1.symantec.com/SUPPORT/sunset-c2002kb.nsf/672c231f89ff479085256ee600556cc3/6ba3a51a248b934c85256ede00518da3?OpenDocument&src=bar_sch_nam and related links in that page.

What version of Norton do you use? What is your Operating system?

You might want to check your system for open ports too. Go to GRC ShieldsUp - http://www.grc.com/

- Collapse -
Is it a microsoft/symantec clash problem?

Hi, Suzi.

No help, but a question.

I'm suffering from the same highly annoying problem and am trying to track down the rogue "remote system" within my computer. I was wondering did your problem start either soon after you ran the Symantec Live Update or soon after you installed the February Windows Security Updates?

I have a hunch that the problem (or at least my version of the problem) is originating with Windows Messenger or a microsoft .NET update.

Is this the case with you too?

XP (SP1)
NIS 2004

- Collapse -
HELP!!! Keep getting Norton High Alert - TCP Inbound

Hi there...
In answer to your 1st question, no not really... I have XP but didn't make my SP1 or 2 updates yet. I intend to do my SP2 update within the week. I also have, like you, NIS 2004.

The problem started actually, when I tried to benefit with Sympatico's 3 free months, about a week ago, and couldn't send email at all, after talking with about 4 different tech guys at Sympatico, tried everything they told me but never worked, so I cancelled with them and went with AOL. The darn Alerts kept coming like 20 or more at a time since then, and I'm almost ready to punch a hole in a wall as it is!!! I even called Future Shop and Staples to try and talk to a tech guy, but couldn't get much help there (I guess they figure you should pay them for that??)... Can't seem to even be able to contact by email Symantec to ask them... There is always a different Remote Address number with that TCP (Inbound) each time a new Alert comes around...

Now, today, I've started having other types of Alerts:

ICMP (Inbound) High Risk
Remote Address: 172.148.182.249: Echo Request (8)
Local Address: mine
Location: Default

and,

Portscan Intrusion
Intruder: 85.68.154.198 (3427)
Protocol: TCP
Attacked IP: mine
Attacked Port: one of my ports

The info on Visual Tracker only showed this intrusion to be from Burbank, CA USA with Node name: abo-198-154-68.bdx.module

When I go in details - no info available!!!

I really am going out of my mind with this sh....!!! I can't even go online without all of these Alerts constantly...

Let me know if you have same sort of things happening or know of someone, and also if some info comes about WHAT TO DO!!! before I go crazzzy!
Thanks.

- Collapse -
is it fair to deduce that you no longer have Symantec?

if so you need to completely eradicate it inclusive of Registry entries.

in my experience Norton/ Symantec is one of the hardest of software[no pun] to remove.

as far as the Echo request, it is a harmless ping.

no worries there.

what type of firewall are you behind?

david

- Collapse -
Symantec still to date...

Hi Dave,
Yes, still have the complete Norton Internet Security 2004 till June 2005 when it expires. Is Norton not one of the best or is there AntiVirus software better out there? As for Firewall, it's still with NIS and also on AOL which comes free with them...

Like mentioned in previous reply to "ash2020" - I keep getting different Remote Address numbers... If I should Permit all of these one by one... what would happen? Would I be allowing something dangerous for my PC? I'm afraid to do that!

Suzi

- Collapse -
please let us know more detail
'Portscan Intrusion
Intruder: 85.68.154.198 (3427)
Protocol: TCP
Attacked IP: mine
Attacked Port: one of my ports'


'one of my ports'

there are something like 66000 ports.

your statement above does not help us determine if there is a problem.

the other description of ICMP Echo Request [8] tells me that it is a common occurrence and not high risk.

please provide as much detail as you can so we can analyze this and come up with some answers.

feeding incomplete information piecemeal does not help.
- Collapse -
Maybe NOT microsoft/symantec clash!

I thought my downloads of Symantec Live Update and Windows Security Updates (esp. Windows Messenger) had caused the problem BUT, like you, I have just subscribed to a broadband provider.

Maybe that is the problem: either we don't have Norton set up to allow the provider's system to frequently check the connection (from my recent reading on the matter, I understand that ISPs do this?) OR by being hooked up to broadband, our world just got more dangerous and are being probed by hackers/worms/viruses/whatever.

CAN ANYONE OUT THERE HELP US TO IDENTIFY THE SOURCE OF THESE ALERTS?

Is it...

An internal software conflict? E.g. Messenger vs. Norton

A firewall rules setting problem? I.e. Norton needs to be tinkered with so that it plays nicely with our ISP

Or are we under genuine (constant!) attack? (Yikes)

Any help GREATLY appreciated because as Ruffles2 says, this problem drives you mad very quickly.

- Collapse -
suspect this is what is known as a loop back rule.

however since you have not indicated the local address or port it is at best an educated guess.

loop back occurs when your ISP sends a 'packet' to your PC to test the speed of delivery of information from it to your PC. this should be allowed and a rule will then be created in your Firewall configuration and you will not get this message again.

absent information from you as to local IP address and Ports, this is at best, a possible reason.

- Collapse -
HELP!!! Keep getting Norton High Alert - TCP Inbound

Hi,
When I get these High Alerts from NIS 2004 (XP - no SP1 or 2 yet)... the TCP (Inbound) alert always has a different Remote Address... the Local Address is mine, I suppose... since it has my local address numbers indicated...

Please see more info in reply I made to "ash20" previously...today. Maybe more details there to try and help me know what the problem is!

Thanks.

- Collapse -
(NT) posted a response there as well.....
- Collapse -
...and the answer is.......!

Well, my problem is solved.

In my case it was that (like Ruffles2) I have just got a new broadband connection and so, compared to before when my laptop was safely hidden behind a router in my office LAN, I am now exposed to huge numbers of infected zombie computers scanning for unprotected victims to infect. All of those alerts are from genuine attacks/ scans (!). All we need to do is simply turn off the cripplingly frequent alerts and let Norton QUIETLY do its work of blocking them in the background.

To do this:

Go to Firewall-Custom-"Alert When Unused Ports Are Accessed" and uncheck it.

Norton still keeps blocking the scan/attacks (this can be confirmed by checking the "Firewall" section of the Norton Activity Log against the content of the alerts both before and after you switch off the "Alert When Unused Ports Are Accessed" function)

Hope this helps.

Whatever, I am certainly feeling a lot calmer now!
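
The two questions this thread keeps returning to (which local port is being hit, and whether the alerts come from one source or many) can be answered from a log export instead of from individual pop-ups. The following is an added example, not part of any post here and not Norton's own tooling: it assumes the firewall log has been exported to a hypothetical CSV layout (`time,proto,remote_ip,local_port,action`), and the function name `triage`, its thresholds and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data in a made-up CSV layout (not Norton's log format).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """time,proto,remote_ip,local_port,action
10:01:02,TCP,192.0.2.10,135,Blocked
10:01:09,TCP,198.51.100.7,135,Blocked
10:01:30,TCP,203.0.113.44,135,Blocked
10:02:00,ICMP,198.51.100.20,,Blocked
10:02:11,TCP,203.0.113.5,21,Blocked
10:02:11,TCP,203.0.113.5,22,Blocked
10:02:12,TCP,203.0.113.5,23,Blocked
10:02:12,TCP,203.0.113.5,25,Blocked
10:02:13,TCP,203.0.113.5,80,Blocked
10:03:40,TCP,192.0.2.99,5000,Permitted
"""

def triage(log_text, scan_ports=5, noise_sources=3):
    """Summarise inbound firewall events instead of reading them one alert at a time."""
    ports_by_source = defaultdict(set)   # remote IP -> local ports it tried
    sources_by_port = defaultdict(set)   # local port -> remote IPs that tried it
    permitted = []                       # anything the firewall let through
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip().lower() != "blocked":
            permitted.append((row["remote_ip"], row["proto"], row["local_port"]))
        if not row["local_port"]:        # ICMP echo requests carry no port
            continue
        port = int(row["local_port"])
        ports_by_source[row["remote_ip"]].add(port)
        sources_by_port[port].add(row["remote_ip"])
    return {
        # one remote address walking across many local ports
        "port_scanners": sorted(ip for ip, ports in ports_by_source.items()
                                if len(ports) >= scan_ports),
        # one local port probed by many unrelated addresses (background noise)
        "noisy_ports": {port: len(srcs) for port, srcs in sorted(sources_by_port.items())
                        if len(srcs) >= noise_sources},
        # entries that were not blocked are the ones worth a closer look
        "permitted": permitted,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Blocked entries spread across many remote addresses are the expected result of an unfiltered broadband connection; the `permitted` list is the part to review by hand.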

- Collapse -
(NT) Thanks for the feedback Ash2020, it is appreciated.
