hey all So I have norton int. sec. and I have it cranked up so I get no cookies and scrips and stuff is set down. I always get message that remote comp. is trying to access which the ip says its IANA. I always just block it but its constant and getting pretty annoying. Is it safe to let them pass? Would anybody be able to get their ip and try to access my comp.? Is it bad that I don't let them access my comp.? any info is much appreciated. thanks
Do you have a sample log entry you could post? You can disable the pop-up alerts if you find them annoying. If you are not sure what the prompt is for you are better off to deny first, look into it further and then decide. Regards, CrazyM
hi M thanks for reply! well, i have a reason or two i want to keep a VERY close eye on everything that happens to my comp. esp. online. but im just getti n confused and confused! and more confused! just too much i should just give up trying to keep myu privacy. i was though, wondering.. what do those IANA ppl do? do you know why rthey would want to reach me? or its not neccesarily the organization itself thats trying to reach me?
As CrazyM mentioned, posting a sample of the alerts / log would be really helpful to answer you more specifically as to what is happening. That said however, IANA is not trying to connect to you. IANA is the "Internet Assigned Numbers Authority" which is the group that defines the uses and assignments of things like private IP address ranges, and various other things related to the Internet. This means that their name will be returned for things such as doing a WhoIS lookup on a private address range. If you use a WhoIS service and look up the information related to the IP address "192.168.1.1" you'll get this: They are a type of standards and oversight body. They decide things related to these types of address assignments. They are the default "owners" if you will of things like the private address ranges, simply because they were given the authority to manage this part of the protocol. The thread below has a little more on this, but in its case it dealt with another address range, that being the "Automatic Private IP Addressing". https://www.wilderssecurity.com/showthread.php?p=87382 But, none of that is going to help you figure out exactly what is going on. Saying that IANA is associated with what you are seeing in your firewall is like saying the FCC (in the USA) is trying to sell you toothpaste in TV commercials. They may have high-level control of the media, but they aren't making the TV commercials. A log sample is really needed to advise you further.
here is the copy of the log i got from NIS.. xxxx being my comp. name... ? this (actually the 3rd one) came in the moment i logged in and the the other two just followed as soon as i say block. and i get throught out the entire time im on the net. the ip is not always the same, sometimes it's not IANA ip but i get theirs alot, and yes i use auto ip whois thing.. thanks for your help but im getting paranoid but i just cant take a chance to let my guard down, if you know what i mean.. This one time, the user has chosen to "block" communications. Inbound UDP packet. Local address,service is (localhost,1040). Remote address,service is (XXXX(192.168.1.126),1040). Process name is "N/A". This one time, the user has chosen to "block" communications. Inbound UDP packet. Local address,service is (255.255.255.255,bootps(67)). Remote address,service is (XXXX(192.168.1.126),bootpc(6). Process name is "N/A". This one time, the user has chosen to "block" communications. Inbound UDP packet. Local address,service is (localhost,1035). Remote address,service is (XXXX(192.168.1.126),1035). Process name is "N/A".
Have you changed any of the default System rules? In particular the Loopback and DHCP rules. Regards, CrazyM
no i have not since i installed it.. i have reinstalled my whole system over 10 times within the month and i am starting to give up but i really dont want to. but im afraid if i start changing things because i dont know crap i might mess it up and screw it beyond my capacity to fix and end up reinstalling the whole thing again x(
Just curious why you would be seeing those events with the default rules. They are nothing to worry about. Are you using the Trusted Zone for your LAN subnet? Is the firewall set to high and have you checked if "Alert when unused ports are accessed" is disabled which will reduce the pop-ups and just block and log. Regards, CrazyM
oh, oh, yea.. sorry i did change those settings i just havent change any of the specific protocol rules.. well like i said, and i tried to explain in 'privacy software: jap/tor effective against specific attacker?' i am pretty paranoid and i want to know what happens around here..