1 Reply Latest reply: Jan 22, 2010 6:12 AM by Ex_Brit

    Inbound events question

      Hello:

       

      ((I am still waiting for help on my thread re: very worrisome, verified attempted attacks by malicious IP 69.64.155.13 that occurred on 1/21 and were missed by McAfee.  See attached MBAM txt log and this:

      http://community.mcafee.com/message/110200#110200))

       

      In the meantime, I don't know if other events listed in my McAfee event logs are "real" or FPs.

       

      As part of my investigation into the event mentioned above, overnight I ran deep scans with all current AV/AM programs currently on this machine (McAfee, Counterspy 3.1 and MBAM Pro 1.44).  Each was clean.  I will install another standalone AV/AM today and scan with it, as well.

       

      I have detected no problems with the computer performance in recent hours.

       

      However, when digging deeper into McAfee logs, I discovered a series of inbound events that seem to be FPs from my ISP.

       

      My McAfee product information is shown in the attached screenshot.

      A screenshot of the suspected inbound events is attached (there are 8 pages of events in the log, this is just page 1).

       

      The "details" of one such event state: "Source IP: 209.18.47.61. A computer at dns-cac-lb-01.rr.com has attempted an unsolicited connection to UDP port 53447 on your computer."

       

      I recognize "dns-cac" as perhaps something related to a DNS server, and "rr.com" may be my ISP's domain (Time Warner Cable/Road Runner).

       

      Please forgive my ignorance, since I don't know much about computers or networking, but are these nothing more than harmless events related to my ISP ("false positives")?

       

      Any assistance you could provide on this matter and on yesterday's IP blocks would be most appreciated.

       

      Thanks,

       

      MM