Security Alert Problem

Forum Moderators: phranque

Message Too Old, No Replies

Security Alert Problem

gms3651

9:40 pm on Apr 25, 2006 (gmt 0)

I just recently installed Apache on my computer. I have Norton AntiVirus on my computer. Today a Norton message box popped up and said 'Norton Internet Worm Protection has detected a remote system that is attempting to access your computer. If you've started a program that requires Internet access such as online gaming, file sharing, or instant messaging, then select Permit to allow the program to continue'

Here are some more details

Path: C:\Program Files\Apa...\Apache.exe
File Name: same as above
Direction: Inbound
Local Port: http, www, www-http (80)
Remote Port: 4136
Protocol: TCP

Any help would be appreciated.

Thanks!

jdMorgan

11:58 pm on Apr 25, 2006 (gmt 0)

Obviously, someone (or a program) requested something from your server, and Norton blocked it.

Jim

gms3651

1:13 pm on Apr 26, 2006 (gmt 0)

How could someone request something from my server when I only use it for local development. I don't want the outside world to access anything on my computer in regards to apache.exe. What do I need to change in order for this to stop happening. I still want to be able to use the Internet.

Thanks,

jdMorgan

2:25 pm on Apr 26, 2006 (gmt 0)

The average time for your server to be discovered by IP-address scanners is about 17 seconds, so you should be expecting lots of attempts to access your server. These attempts have always been happening -- These scanners bascially look for open ports on *all* IP addresses. It's just that now you actually do have a server there to respond.

I'm not an expert on Norton Security but basically, you need to make sure your server is only listening on port 80, and then tell Norton to block all requests to that port from outside your local network. I recall that this is fairly easy to do in Norton, but if not, you can buy a fairly effective SPI firewall/router for less than $100. (SPI is "Stateful Packet Inspection" -- In other words, a firewall that makes sure that each incoming packet corresponds to a previous outgoing request, and rejects all unsolicited packets coming from the internet.)

Jim