First let me preface by saying I have posted this question elsewhere, so participants here may have seen it before. If so feel free to pass on by. I'm just trying to get some different perspectives
my specifics 1 PC Desktop with DSL modem, not router.
Vista Home Premium 32 bit OS with Vista Service pack 2
use Norton as my security product, with on demand scanners from malwarebytes, spybot, and windows defender
here is my issue
When I look at my firewall logs, I see the entry
port blocking allowed 192.168.0.1(8)
This entry appears every 5 minutes or so from the time my computer boots up
now my network shows only 1 PC and all my security scans show clean. my firewall works because I do get entries where port blocking blocks unsolicited IP addresses
Now MY ISP is AT&T and I'm in a major US metro area. I know that if I shut down my computer for more than 8 minutes, I will get a new IP address upon start up. So they seem to rotate IP addresses rapidly
just wondering what this means. My initial thought is that it is my DSL modem "talking" to my computer to let it know that the link between them is established and established and established
just not sure why the entry every 5 minutes and not sure what the (8) means in 192.168.0.1 (8)
Thanks in advance
question about firewall log entry
#2
Posted 02 May 2010 - 05:57 AM
That looks like an IP address of a router or modem; it may be your modem. Open a cmd prompt and type ipconfig; it should bring up your connection.
HP Compaq 6715b Notebook--AMD Turionx2 2.2Ghz 64 Mobile TL-64--4GB DDR2 667Mhz--Compaq 6715b--fujitsu siemens 500GB sataII Internal, Toshiba 1TB EXT HD Backup--IGP ATI Radeon x1250 128MB--Broadcom a\b\g Wlan adapter built in, Sonicwall TZ100, Dlink DSL 2740b--Windows 7 Ultimate 64-bit and linux ubuntu dual boot--Firefox 4.0 &IE8--Eset Firewall--Nod32 antivirus & Spyware Doctor--Malwarebytes anti malware.
#3
Posted 02 May 2010 - 11:01 PM
Doesn't Norton have a Help file where they explain how to read the logs?
Could be port 8, unlikely since it is unassigned in the IANA list.
Could be exterior gateway protocol#
Could be ping to keep the connection alive, ICMP type 8 - Echo request. If it's incoming, then your computer will issue ICMP type 3 which is a reply to ping or Echo Reply. If it's outgoing, then it is your computer pinging the modem. You didn't tell what your IP is so it's all guesswork on my part. If default, it's 192.168.0.100. You also did not tell whether it's outgoing or incoming communication.
Anyway the 192.168.0.1 address sounds like the address of your NAT modem which is the gateway to the outer world, and most likely it's all perfectly normal.
This post has been edited by tos226: 02 May 2010 - 11:03 PM
#4
Posted 03 May 2010 - 06:11 PM
First- Thanks to you both for responding
Yes, the 192.168.0.1 is my DSL modem. It is not my IP address
the connection is an inbound action through the firewall. In fact when this happens, the firewall entry will read
port blocking allowed 192.168.0.1 (8)
TOS226
when you say
Could be ping to keep the connection alive, ICMP type 8 - Echo request. If it's incoming, then your computer will issue ICMP type 3 which is a reply to ping or Echo Reply. If it's outgoing, then it is your computer pinging the modem. You didn't tell what your IP is so it's all a guesswork on my part. If default, it's 192.168.0.100. you also did not tell whether it's outgoing or incoming communication.
I think it is incoming as it appears to come into my system as evidenced by the port blocking allowed message, so that makes sense what you said about keeping the connection alive. But I do not see any continuous logging of the return reply (reply from the computer to DSL modem). Now at boot up I do see a connection from my computer to 192.168.0.1. But only 1 time
1. Do you think the (8) in the 192.168.0.1 (8) is standing for the ICMP type 8?
2. So is it normal for the DSL modem to make connection to the computer like every 5 minutes?
3. This doesn't appear to be some type of hacking does it?
Thanks in advance
This post has been edited by mrjonesnme2010: 03 May 2010 - 06:14 PM
#5
Posted 09 May 2010 - 04:59 PM
If this is ICMP, I suspect it's normal.
I don't use a modem, but have a router. I do see ICMP pings from the router sometimes, usually at startup or resume from standby. More frequently I see ARP (address resolution protocol) in action.
Every few minutes the router sends a query to all devices "who has x.x.x.x IP?", and the box with that IP address replies "Me, here is my MAC address xx-xx-xx-xx-xx-xx", and the computers do the same about other computers, everybody keeps asking everybody else who is where.
If you don't see the outgoing, perhaps you're not logging it in the firewall. Or the firewall is set up to ignore the external pings, which is fine as well, so long as your connection is working.
What do the Norton logs look like besides this one entry? See, I don't have Norton (nor Vista), so a wording such as "port blocking allowed" is not very clear to me. Let's say you go to google, how do the logs read?
This post has been edited by tos226: 09 May 2010 - 05:03 PM
#6
Posted 11 May 2010 - 02:57 AM
Not all ICMP ones are legit. There is nothing on my system to account for any ICMP hits and the only ICMP ones I get that are legit are from AOL and I know which ones those are and not all ICMP hits I get are from them.
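The checks discussed in this thread (who sends the entry, how regularly, and what the number in parentheses could mean), as an added example that is not part of any post. The timestamp column and the sample lines are constructed, since the thread quotes only the "port blocking allowed 192.168.0.1 (8)" text and not Norton's full log layout; the type and protocol names are from the IANA registries.

```python
import ipaddress
import re
from datetime import datetime
from statistics import median

# Constructed sample. The timestamp column is an assumption; only the
# "port blocking allowed <address> (<number>)" text is quoted in the thread.
SAMPLE_LOG = """\
2010-05-02 08:00:10 port blocking allowed 192.168.0.1 (8)
2010-05-02 08:05:11 port blocking allowed 192.168.0.1 (8)
2010-05-02 08:10:10 port blocking allowed 192.168.0.1(8)
2010-05-02 08:15:12 port blocking allowed 192.168.0.1 (8)
"""

ENTRY = re.compile(r"^(\S+ \S+) port blocking allowed (\S+?)\s*\((\d+)\)$")

# Readings of the number raised in the thread, per the IANA registries.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 8: "EGP", 17: "UDP"}

def parse(log):
    """Yield (timestamp, source address, number) for each matching line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, ipaddress.ip_address(m.group(2)), int(m.group(3))

def triage(log, gateway="192.168.0.1"):
    """Summarise who sent the entries, how often, and what the number may mean."""
    rows = list(parse(log))
    if not rows:
        return None
    sources = {src for _, src, _ in rows}
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
    code = rows[0][2]
    return {
        "entries": len(rows),
        "only_from_gateway": sources == {ipaddress.ip_address(gateway)},
        "all_private": all(s.is_private for s in sources),  # never routed on the internet
        "median_gap_s": median(gaps) if gaps else None,
        "if_icmp_type": ICMP_TYPES.get(code, "unknown"),
        "if_ip_protocol": IP_PROTOCOLS.get(code, "unknown"),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A steady gap of about 300 seconds from a single private gateway address fits a periodic keep-alive from the modem; entries from other sources or at irregular intervals would be the ones to look at more closely.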