IANA wants in

Discussion in 'other firewalls' started by im that nobody, May 8, 2005.

Thread Status:
Not open for further replies.
  1. hey all

    So I have norton int. sec. and I have it cranked up so I get no cookies and scrips and stuff is set down. I always get message that remote comp. is trying to access which the ip says its IANA. I always just block it but its constant and getting pretty annoying. Is it safe to let them pass? Would anybody be able to get their ip and try to access my comp.? Is it bad that I don't let them access my comp.? any info is much appreciated.

    thanks
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have a sample log entry you could post?

    You can disable the pop-up alerts if you find them annoying.

    If you are not sure what the prompt is for you are better off to deny first, look into it further and then decide.

    Regards,

    CrazyM
     
  3. hi M

    thanks for reply! well, i have a reason or two i want to keep a VERY close eye on everything that happens to my comp. esp. online. but im just getti n confused and confused! and more confused! just too much i should just give up trying to keep myu privacy. i was though, wondering.. what do those IANA ppl do? do you know why rthey would want to reach me? or its not neccesarily the organization itself thats trying to reach meo_O?
     
  4. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Knock Knock

    Whose there?

    Iana

    Iana who?

    I a na going to tell you.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    As CrazyM mentioned, posting a sample of the alerts / log would be really helpful to answer you more specifically as to what is happening.

    That said however, IANA is not trying to connect to you. IANA is the "Internet Assigned Numbers Authority" which is the group that defines the uses and assignments of things like private IP address ranges, and various other things related to the Internet. This means that their name will be returned for things such as doing a WhoIS lookup on a private address range. If you use a WhoIS service and look up the information related to the IP address "192.168.1.1" you'll get this:

    They are a type of standards and oversight body. They decide things related to these types of address assignments. They are the default "owners" if you will of things like the private address ranges, simply because they were given the authority to manage this part of the protocol.

    The thread below has a little more on this, but in its case it dealt with another address range, that being the "Automatic Private IP Addressing".

    https://www.wilderssecurity.com/showthread.php?p=87382

    But, none of that is going to help you figure out exactly what is going on. Saying that IANA is associated with what you are seeing in your firewall is like saying the FCC (in the USA) is trying to sell you toothpaste in TV commercials. They may have high-level control of the media, but they aren't making the TV commercials.

    A log sample is really needed to advise you further.
     
  6. here is the copy of the log i got from NIS.. xxxx being my comp. name... o_O? this (actually the 3rd one) came in the moment i logged in and the the other two just followed as soon as i say block. and i get throught out the entire time im on the net. the ip is not always the same, sometimes it's not IANA ip but i get theirs alot, and yes i use auto ip whois thing..

    thanks for your help but im getting paranoid but i just cant take a chance to let my guard down, if you know what i mean..

    This one time, the user has chosen to "block" communications.
    Inbound UDP packet.
    Local address,service is (localhost,1040).
    Remote address,service is (XXXX(192.168.1.126),1040).
    Process name is "N/A".

    This one time, the user has chosen to "block" communications.
    Inbound UDP packet.
    Local address,service is (255.255.255.255,bootps(67)).
    Remote address,service is (XXXX(192.168.1.126),bootpc(6:cool:).
    Process name is "N/A".

    This one time, the user has chosen to "block" communications.
    Inbound UDP packet.
    Local address,service is (localhost,1035).
    Remote address,service is (XXXX(192.168.1.126),1035).
    Process name is "N/A".
     
  7. and i just blocked the whole netrange but i still get it.. is it coming from myself?
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Have you changed any of the default System rules? In particular the Loopback and DHCP rules.

    Regards,

    CrazyM
     
  9. no i have not since i installed it.. i have reinstalled my whole system over 10 times within the month and i am starting to give up but i really dont want to. but im afraid if i start changing things because i dont know crap i might mess it up and screw it beyond my capacity to fix and end up reinstalling the whole thing again x(
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Just curious why you would be seeing those events with the default rules. They are nothing to worry about. Are you using the Trusted Zone for your LAN subnet?

    Is the firewall set to high and have you checked if "Alert when unused ports are accessed" is disabled which will reduce the pop-ups and just block and log.

    Regards,

    CrazyM
     
  11. oh, oh, yea.. sorry i did change those settings i just havent change any of the specific protocol rules.. well like i said, and i tried to explain in 'privacy software: jap/tor effective against specific attacker?' i am pretty paranoid and i want to know what happens around here..
     
Thread Status:
Not open for further replies.