Should I trust this in­truder?

Mac Format - - MAC SOS -

Re­cently I have seen a lot of con­nec­tion at­tempts to port 44642 be­ing blocked by Nor­ton. Is there a way of find­ing out where the con­nec­tion at­tempt is com­ing from? Also is it safe to trust the ad­dress? If you take a look at the ex­port log the host is host86-168-61113.range86-168.bt­cen­tralplus.com – is this BT In­ter­net? I’m glad to see the fire­wall is do­ing a job of block­ing at­tempts to ac­cess ports on my Mac, but I’m con­cerned about the amount that are com­ing from this ad­dress. Richard Olivier

This is just your fire­wall do­ing its job. The bt­cen­tralplus.com domain is in­deed owned by BT and used to route traf­fic for its cus­tomers. If you use a tool such as ip-tracker.org, you can see that this host is lo­cated in the Sh­effield area, but that’s not es­pe­cially use­ful be­cause hack­ers of­ten route their traf­fic through other com­put­ers to make trac­ing them harder. Most prob­a­bly, the nu­meric part is the IP ad­dress of some poor soul who has a Win­dows PC in­fected with a tro­jan that’s us­ing his con­nec­tion to launch ex­ploratory at­tacks on ran­dom IP ad­dresses.

You def­i­nitely shouldn’t tell your fire­wall to trust this ad­dress. In fact, you shouldn’t nor­mally look at fire­wall logs at all. Fire­walls ex­ist to silently block th­ese in­tru­sion at­tempts, pre­cisely so you don’t need to worry about them. In most cases there’s noth­ing use­ful that you can do to help.

Fire­wall logs may look rather scary, but all those in­tru­sion at­tempts are just ev­i­dence of how well your fire­wall is keep­ing you pro­tected.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.