I bought an Acer laptop for my nephew in Costa Rica, and I wanted to fire it up and make sure everything worked before it goes down there. Setting things up (this is Vista) is of course a pain in the behind, especially since I don't know how my nephew necessarily wants things and I have no windows experience. He might just wipe it all anyway but I don't know.
So one of the things it asks is about a 90 day free Norton trial. I think, well, why not. At least it won't have some virus before I even get it to him. Within minutes of getting it on my WLAN, it notifies me that it has thwarted an "attack." Which I think is peculiar, because my router's (Linksys WRT54G) firewall is on. The details of the attack are:
Port Scan from 192.168.0.1, 53
Traffic Description: UDP, 53
192.168.0.1 seems to be the DSL modem on the other side of the Linksys. Google tells me port 53 has something to do with DNS?
I have never run any Windows or anti-virus software on my local network before, and I am not exactly a network guru, so this is new to me. Is this anything to be concerned about or is this normal network activity? Are my Macs vulnerable? Why is my router letting this pass through?
192.168.0.1 is almost certainly part of your router's normal DHCP operations. Nothing to worry about.
Norton, well...sucks IMHO, and is prone to false positives and resource hogging.
Better to get AVG Free, Spybot Search & Destroy, and Adaware. Plus, they're all free.
It sounds like it thwarted the routers attempt to ask it for its name. My router will ask a machine that is attached to it for it's machine name that the OS has set and show that along with the IP in the list of attached devices.
Thanks, but I still don't understand- if I type 192.168.0.1 in my browser, I get the configuration screen for the DSL modem, so doesn't that mean the request came from the modem, not the router (which should be blocking it?)