Relentless inbounds, need advice/help

Sorry for this bother.
May be about to demonstrate total lack of understanding of computer!

Am running NIS and NPF. HAve been good up to now.

Currently I am getting relentless Program Control pop-ups warning about inbound UDP ("Medium Risk") from 218.83.153.59:xxxxx.
Am clicking "block always" option only to have literally evry minute a new pop-up box from the same address with different xxxxx.

I have done IpLookup and ? this is a site In China.
What is this and how to stop these relentless nuisances?

XPSP2 up to date
Browser is FF
Have scanned with AVG, NAV, AdAware, Spysweeper, A2, Ewido: nothing.
Have cleaned all trash files and rebooted.

Any suggestions.
Thanks.

 

This is almost certainly Windows Messenger spam (selling fake diplomas and other garbage) and blocking it is therefore a good idea - you should be able to create a rule to do this for you in NPF rather than having to respond to prompts all the time though, or tell NPF to block all unsolicited incoming traffic (it should be doing this by default so maybe a change you made is the cause of the problem). Someone more familiar with NPF should be able to give specific advice here.

Given it is a China-based ISP, complaining to them is unlikely to achieve much. You could do a tracert on the address to find out which network provider is upstream from them and email them asking them to block this ISP (this probably won't achieve much on its own but if they receive enough emails something may get done).

 

If it is Windows Messenger spam, you can try this program http://www.grc.com/files/shootthemessenger.exe
It will stop Windows Messenger from running, and its service should be terminated. I've got a feeling that there's something nasty originating from the computer networks in China as I've blocked some unsolicited time-exceeded ICMP packets from a telecom based in Guangzhou province in China. And it always comes from China most of the time. The IP address from China always starts with 202. something, etc, etc....

 

While terminating Windows Messenger is a good idea (and can be done via Control Panel/Administrative Tools/Services without any extra software), it will not do anything to prevent others from sending Messenger traffic...

 

Yes, terminating the service won't stop the spam getting in but...

If there's a firewall that blocks the ports which Windows Messenger uses, the Messenger spam won't get in. The Windows Messenger spam is unsolicited broadcast traffic. Firewalls should be able to block it.

 

I believe that his firewall IS blocking it at the moment... he's just tired of seeing all the Norton popups about the incoming packets. He needs to configure Norton to stop alerting him and just block it silently.

 

Yes, I think he forgot to set it to block it silently.

 

Thanks guys.
Good info as always P2000.
Kerodo: got it in one!
Thanks for the input Nadirah
I have rejigged the settings I had for the alerts, they were set to warn: to give me at least the illusion I was actively involved in my protection.
I have disabled them and no further pop-up messages.
Hope to the higher power that NPF is doing its job
I am finding the Norton tools seem to have really slowed down my comp.
I may have to try some other tools.

I already have the messenger services disabled with the AdAware add-ons, and, have checked with Gibson's STM.

With NPF/NIS and FF, have passed all GRC tests and interestingly almost all of the firewall leak tests, Jason Levines tests are all good.

The only problems stem from Java.
When (rarely; bloody Banks) using IE; have all settings on high.
E-mail text only of course.
Remember, I am still only humble home user and still learning from you guys.
Thanks again
Stephen

 

I completly agree with you, using the hacker ID feature in ZAP ive seen alot of this traffic originating from asia, also the majority of portscans i pick up seem to be from singapore.

 

I live right here in Singapore and I've blocked a lot of port scans from zombie computers here. I think Singapore has an extremely high trojan infection rate. Lucky my computer is well defended.

 

Funny, I live in Singapore too and I have not seen many port scans on my computers. Usually, its from the ISP. In fact, I have been wondering whether it was worth ponying up money for anti-trojan or antivirus stuff since the infection rate seems to be nil or very low for the past two years. Only the Zafi worm got through one time. Are you guys running servers or what?

 

Do not run one myself but can tell you without protection my machine would have died xmas day, as within 2 hrs I received over 500 virus laden mail from a mailing list I subscribed to. Better always to be safe than sorry I believe