Should I trust this intruder?
Recently I have seen a lot of connection attempts to port 44642 being blocked by Norton. Is there a way of finding out where the connection attempt is coming from? Also is it safe to trust the address? If you take a look at the export log the host is host86-168-61113.range86-168.btcentralplus.com – is this BT Internet? I’m glad to see the firewall is doing a job of blocking attempts to access ports on my Mac, but I’m concerned about the amount that are coming from this address. Richard Olivier
This is just your firewall doing its job. The btcentralplus.com domain is indeed owned by BT and used to route traffic for its customers. If you use a tool such as ip-tracker.org, you can see that this host is located in the Sheffield area, but that’s not especially useful because hackers often route their traffic through other computers to make tracing them harder. Most probably, the numeric part is the IP address of some poor soul who has a Windows PC infected with a trojan that’s using his connection to launch exploratory attacks on random IP addresses.
You definitely shouldn’t tell your firewall to trust this address. In fact, you shouldn’t normally look at firewall logs at all. Firewalls exist to silently block these intrusion attempts, precisely so you don’t need to worry about them. In most cases there’s nothing useful that you can do to help.
Firewall logs may look rather scary, but all those intrusion attempts are just evidence of how well your firewall is keeping you protected.