Installed McAfee Security Center via AOL and have followed the 'internet incoming event log' with interest. But all this stuff is greek to me. First of all, how can I find out which of these addresses I should/could be banning. And since my firewall is already blocking them, do I even need to ban them if I'm not advised to do so?

For example I keep getting repeated hits (is that the right term?) from 'shawcable.net' attempting to access UDP ports 1026, 27, 28 on a regular basis. (the security center identified them) If I ban their address, will they leave me alone?! (Who are these people, and what do they want with me?!)

There's also frequent activity from 'nstot.proxy.aol.com', always from the same address, but they're going after various UDP ports (but all in the 13 and 1500's) with numerous programs (?) "attempting an unsolicited connection" -- like ICA Browser, Oracle Remote Data Base, MVEL, VPJP, Hypercube-lm, Connlcl1. What is all that? Is it my AOL legitimately trying to get through, or somebody else trying to ride on AOL's coat tails? (I assume my firewall can detect 'trustworthy' communication?!)

There was even one called ShockRave trojan ("Danger, Will Robinson"!) For that one, McAfee said that the source computer had scanned mine for this trojan but it had been blocked by the firewall, but it didn't send up a red flag like it did when A SOCKS program wanted to share my connection -- that time they even said I should "consider reporting this scan". (to whom?!) And should I ban everyone who's trying to get to my TCP ports? (that's probably what my mother would tell me!)

So many questions . . . so little time! I've checked out your info (always a good source!) 'googled' and searched wikipedia, but I get the sense these addresses seem to be basically legit, but there's an 'evil' side tapping into them? Is there an "Internet Security for Dummies" out there somewhere?! (I figured you guys would be the ones that would know!)

Sorry if I carried on, but this stuff intrigues me!

Hey USM,

My advice would be to leave the firewall as it is, unless you find a particular software package is not working properly, because it requires internet access. There's not much point in banning an IP address, because you can see that the firewall is already doing it's job. Besides, there is one quick thing you can do to resolve this, and that is to turn your router off for a short while and then back on again. When you do this, your ISP will automatically assign you a new DHCP (IP) address. If attackers have found previous vunerabilities they could exploit before McAfee was installed, they'll no longer be able to even find you after changing you IP address (assuming that you don't have a static one). To prove this works, go to What Is My IP Address? - IP Address Lookup, Info, Speed Test, and more , reset your router and then go back to the same website again, and you should see that address change.

If you still see the above after changing your address, then they are likely to be lagit. To be honest, I recognise some of those, but would still leave the router as it is unless you find something that is not working properly.

This site should help you understand internet security a little better: Internet Security Overview

Here is also a port reference list, so you know what each port (such as 1026, 27 and 28) is used for: Neohapsis Ports List

Thanks for all those good sites -- I'm sure I'll spend many hours exploring and expanding my knowledge on this stuff! (and maybe I'll quit calling it 'stuff'!) I wasn't going to mess with anything in the firewall unless somebody told me to! I guess it's more of a curiousity and my super-sleuth side itching to make sense of things!

I don't have a router, but my IP address does seem to have changed from when I was exploring things a couple days ago. Is that possible? Could McAfee have changed it since I notified them of that SOCKS server thing? (never mind answering that -- I'll check it out when I start delving into those sites!)

Thanks again for helping broaden my horizons!

No problems. Exploring is good, we all have our ways of learning

The same thing can happen with a modem? A new address is assign on connection to your ISP.

Yeah, life is such an education! And I'm getting educated late in that life! I can remember the huge 'reel-to'reel" type computers, in their climate-controlled rooms, when I worked at Mutual of Omaha back in the 70's; didn't even own my own PC till I was in my 40's!

Anyway, apparently logging on does do it 'cuz my address has changed since the last time I talked to you! (the only advantage I've discovered to a modem!) And the "nstot.proxy.aol" and "shawcable" are still there, and the aol one has even scanned me for a couple new trojans which was subsequently blocked. Actually, I'm surprised my system is still operating at all, since I had no type of protection for at least three months!

I'm off to explore new worlds!

Well, I wouldn't be suprised to see ntot.proxy.aol if your ISP is AOL?