[Answered] Knock, knock -- Who's there?
Installed McAfee Security Center via AOL and have followed the 'internet incoming event log' with interest. But all this stuff is greek to me. First of all, how can I find out which of these addresses I should/could be banning. And since my firewall is already blocking them, do I even need to ban them if I'm not advised to do so?
For example I keep getting repeated hits (is that the right term?) from 'shawcable.net' attempting to access UDP ports 1026, 27, 28 on a regular basis. (the security center identified them) If I ban their address, will they leave me alone?! (Who are these people, and what do they want with me?!)
There's also frequent activity from 'nstot.proxy.aol.com', always from the same address, but they're going after various UDP ports (but all in the 13 and 1500's) with numerous programs (?) "attempting an unsolicited connection" -- like ICA Browser, Oracle Remote Data Base, MVEL, VPJP, Hypercube-lm, Connlcl1. What is all that? Is it my AOL legitimately trying to get through, or somebody else trying to ride on AOL's coat tails? (I assume my firewall can detect 'trustworthy' communication?!)
There was even one called ShockRave trojan ("Danger, Will Robinson"!) For that one, McAfee said that the source computer had scanned mine for this trojan but it had been blocked by the firewall, but it didn't send up a red flag like it did when A SOCKS program wanted to share my connection -- that time they even said I should "consider reporting this scan". (to whom?!) And should I ban everyone who's trying to get to my TCP ports? (that's probably what my mother would tell me!)
So many questions . . . so little time! I've checked out your info (always a good source!) 'googled' and searched wikipedia, but I get the sense these addresses seem to be basically legit, but there's an 'evil' side tapping into them? Is there an "Internet Security for Dummies" out there somewhere?! (I figured you guys would be the ones that would know!)
Sorry if I carried on, but this stuff intrigues me!
For example I keep getting repeated hits (is that the right term?) from 'shawcable.net' attempting to access UDP ports 1026, 27, 28 on a regular basis. (the security center identified them) If I ban their address, will they leave me alone?! (Who are these people, and what do they want with me?!)
There's also frequent activity from 'nstot.proxy.aol.com', always from the same address, but they're going after various UDP ports (but all in the 13 and 1500's) with numerous programs (?) "attempting an unsolicited connection" -- like ICA Browser, Oracle Remote Data Base, MVEL, VPJP, Hypercube-lm, Connlcl1. What is all that? Is it my AOL legitimately trying to get through, or somebody else trying to ride on AOL's coat tails? (I assume my firewall can detect 'trustworthy' communication?!)
There was even one called ShockRave trojan ("Danger, Will Robinson"!) For that one, McAfee said that the source computer had scanned mine for this trojan but it had been blocked by the firewall, but it didn't send up a red flag like it did when A SOCKS program wanted to share my connection -- that time they even said I should "consider reporting this scan". (to whom?!) And should I ban everyone who's trying to get to my TCP ports? (that's probably what my mother would tell me!)
So many questions . . . so little time! I've checked out your info (always a good source!) 'googled' and searched wikipedia, but I get the sense these addresses seem to be basically legit, but there's an 'evil' side tapping into them? Is there an "Internet Security for Dummies" out there somewhere?! (I figured you guys would be the ones that would know!)
Sorry if I carried on, but this stuff intrigues me!
Linear Mode
