Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mcafee Securitycenter/log Viewer


  • Please log in to reply
10 replies to this topic

#1 Groffeaston

Groffeaston

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 27 January 2008 - 06:05 PM

When I open the McAfee Security Center and then left click on the Advanced Menu. Then left click on Reports and Logs. Select Recent Events and then left click on View log. Then I select the Internet & Network line. left click on the + sign to expand the options. Then left click on Inbound events to show the Inbound events. It shows the: Date/Time,Source IP,Host Name, and Event Information. At the bottom it has a Dtails box. Then next to that, there is a: "I want to:" box.

Now, When I look at a certain event, it gives the information, I can then select: trace the IP address,Trust the IP address or Ban the IP address. My first question is: How can I detemine if a certain IP is safe or not? Secondly, with tracing the IP address, and getting the name of the company or web site that registered the IP address. Does not always guarentee that it safe. It is just a computer trying to attempt an unsolicited connection. Then how can I make the determination as to allow access or to block it? Or is it even possible to make that decision with just that information? Would I have to do more searching?

Any help will be appreciated.

BC AdBot (Login to Remove)

 


#2 nigglesnush85

nigglesnush85

  • Members
  • 4,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:11 AM

Posted 27 January 2008 - 08:58 PM

Hello,
The simple answer is you will have to do more searching, but we are here to help.
The options you have are
Trace the IP address; This will show you exactly where the connection is coming from. (not 100% accurate in most cases)
Trust the IP address; This will create a rule that will allow the connection to be allowed into your computer (not advisable)
Ban the IP address; This will stop the connection with that address and not allow any connection from that IP (only advisable if the address is malicious)

These connections could be required for internet based applications to work correctly however some might not be, If you want to find out more about an IP address, then you can look at http://www.whois.net/ this will tell you with some degree of certainty who it is behind the IP. Then you can make a decission, Trial and error will probably be required for your situation.
Regards,

Alan.

#3 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 21 February 2008 - 11:58 PM

Hello!

Sorry it took so long to write back. I could not remember where I had posted this question. I had done the visual trace in the McAfee program and I figured I would have to go to the http://www.whois.net/ site. But I thought there might be some other way besides that, to try and find information on the IP addresses. But I guess I will just have to go there and check them out and then based on what it says there, I might be able to do more research and then make a decision as to weather or not to trust the IP address or not.

Thanks for your help.

Sincerely,
Matt

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:11 AM

Posted 23 February 2008 - 12:35 AM

Hello Groffeaston,

I think this tutorial on IP Addresses will be helpful for you. It explains the kind of addresses the numbers stand for. If you know, for example, that an address is a private IP and you aren't on an internal network, then you know you should block that address.

Mostly, I block incoming traffic unless I have requested it or if a program I have permitted internet access has requested it. Your ISP may have an IP address or two that you should allow, but that isn't always the case. Also, if by chance when you research the IP address, just because it matches the name of your ISP, doesn't mean that you should allow it. It might be unsolicited and unnecessary traffic from another computer using the same ISP.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 23 February 2008 - 09:16 PM

Hi Orange blossom!

Thanks again for the information. I will look at the tutorial to get a better idea of what the IPs addresses mean.

Matt

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:11 AM

Posted 24 February 2008 - 01:31 PM

You're welcome.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 25 February 2008 - 01:46 AM

Hello Orange Blossom!

I checked out that tutorial. I do have one Question, But do not know if there will be a satisfactory answer to it or not. But here it is. Now once I do all this checking and I find out who the IP address belongs to. Before I block it, how will I know if it is not a third party contracted by one of the companies or programs that I have on my computer and they need acces to my computer to deternine how the computer is operating after a service call, as an example? Or that a certain program has an automatic operation such as an update feature and the manufacture sends the update out at a certain time and needs access to determine if the update was installed correctly and to determine if my computer is functioning properly after the update? How do I determine if these IP addresses are a third party service or from the origional company/person or a potential threat?

Thank you,
Matt

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:11 AM

Posted 25 February 2008 - 02:02 AM

Hello Groffeaston,

My suggestion is to do manual updates for all your programs and in doing so see what IP addresses these programs want to connect to. You can permanently allow the programs to connect to them. It is very unlikely that a third party will check your system to see if the update or installation was done correctly.

Note: Given the fact that you are on dial-up, you may wish to disable ALL automatic updates and update manually instead.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 26 February 2008 - 12:51 AM

Hello agian Orange Blossom!

I think That sounds more and more like a good Idea going to manual update. I just hope I do not forget. :flowers: THen I might get a nasty surprise that I do not want! :thumbsup: But what about a third party for a service call or as some people call it, HELP!!!! I know some very reputable companies, outsource their callcenter calls and their online help to a third party that their center is in a country overseas. That may cause a problem with the IP address. Because it would not show up as the company that I think I am dealing with by the IP address. Say for example: Dell. Now I go online to their help page. Then depending on my problem, I am directed to a live computer Tech. Now that computer tech does not work for Dell but for another company that Dell hired to handle their service questions. And that tech help center is located in Hong Kong, lets say. Now the IP address would not register as a Dell company computer, but this other company's computer. Now depending on what the problem is they may need to monitor my computer's performance for predetermined amount of time that is set by the manufacturer, which is Dell. Now with me, not knowing the Ip address from which that they are looking and sending information from, to my computer. now I can not make a determination as to allow these other computers to access my computer. But then too, I also have to be aware of the possibility of allowing them access, could even provide access for malware and spyware unknowingly to my computer though them or from them. So it is as some would say: "damned if you do and damned if you dont!"

Sincerely,
Matthew

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:11 AM

Posted 26 February 2008 - 01:31 AM

Hello Groffeaston,

When you look up an IP address in http://www.domaintools.com/ or http://www.all-nettools.com/toolbox or http://www.whois.net/ they might tell you what purpose the company serves: Akamai (sp.?) technologies, for example, is used when updating ZoneAlarm.

Here's a couple things to help. When you manually update, note what IP address the program is trying to reach and look it up. That should tell you whether it is trying to reach a third party.

You can decide to block it once, and if there is a problem with updating, you will know that you need to allow it. If that same IP address is wanting to connect while you are doing the update you will know to allow it.

I have been known at times to block an IP address, then I had to go back and change it to allow. Remember, you can always reverse your decision. I tend to block rather than allow. I'd rather have to change an IP to allow rather than have something bad connect to my computer.

There are also certain IP addresses that I usually block, but permit only when doing certain updates. One of these is WGA wanting to send information out when I'm not updating Windows. I block that every time unless I'm updating Windows.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Easton,PA
  • Local time:05:11 AM

Posted 27 February 2008 - 11:17 PM

Hello again Orange Blossom!

Thank you for the information. I will keep that in mind when I go to update my files manually.

Sincerely,
Matt




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users