A Security Alert appears when someone attempts to connect to several ports on your computer in rapid succession. This activity, which is called a portscan, may indicate that someone is probing your computer in preparation for an attack. Not all portscans are malicious. Some Internet service providers scan subscribers' ports to ensure that they are abiding by the terms of the user agreement.
A computer with the IP address [IP address] ran a portscan on your computer.
Ports, which are also called sockets, provide the locations of particular applications or servers on the remote computer with which you are trying to establish communication. This makes it possible to run multiple Internet applications simultaneously on a single computer. For example, many computers on the Internet run both Web and FTP servers. The Web server uses port 80, while the FTP server uses port 21. Ports are numbered 1 through 65535. Ports 1 through 1023 are known as well-known ports. They are the default ports for many common Internet applications. Ports are part of URLs, but they are rarely seen. The port number follows the host name and a colon. In the following example, the port number is 80: http://www.symantec.com:80/securitycheck/index.html Because the most-used ports are standardized, you rarely see port numbers. For example, Web browsers almost always use port 80, so they don't require that you type a port number unless you need to use a different port.
You do not have to do anything to protect your computer. Any communication that triggers a Security Alert is automatically blocked. By default, the computer that sent this communication is placed in AutoBlock, which blocks all communication from this computer for 30 minutes, even if subsequent communication is benign. If you are uncertain whether this alert was triggered by an attack or by legitimate activity, use Visual Tracking to trace the computer's IP address. This helps you identify where the computer is located and, if it is an actual attack, gives you information that you can use to report the attacker.
If you receive frequent Security Alerts for a computer that is running legitimate portscans, you can create an exception that allows portscans from this computer. To turn off monitoring for this attack
If someone is repeatedly using a specific computer for malicious portscans, you can permanently block all communication from the IP address. Use Networking to add this computer to the Restricted Zone. To add a computer to the Restricted Zone
|