tyciol (Sergeant, Joined: May 12, 2006, Posts: 78, Location: Canada)
Posted: Tue Sep 05, 2006 7:50 pm    Post subject: Caught an intruder

My Norton Firewall caught an intruder about a week ago, I kind of put it off, but now I really want to know who it was and confront them. I do have their IP, here's the report I got:
Quote:
    Medium Risk Security Alert
    Norton Personal Firewall has blocked an intrusion attempt.
    Time: 3:17 PM
    Date: 29/08/2006
    Intrusion: Portscan.
    Intruder: 24.153.23.66(domain(53))
    Risk Level: Medium
    Protocol: UDP.
    Attacked IP: xxxxxxxxx
    Attacked Port: 1858.
[Attacked IP edited by Site Mod]
PCBruiser (SRT Team Lead, Forums Admin, Joined: May 11, 2005, Posts: 11723)
Posted: Tue Sep 05, 2006 9:43 pm

First, please remove your IP. Second, it is not an intruder, it was probably a routine ping from your cable provider's DNS server. That IP resolves for Rogers Cable, Inc., DNS servers. Most responses on port 53 are from a DNS inquiry. What possibly happened was during a routine DNS lookup, you had a brief interruption, and the DNS server was pinging back to see if you were still there. Nothing to worry about or report.
Now, if your ISP isn't Rogers ... well, that's another matter.
_________________
Don't read? Can't learn!
tyciol (Sergeant, Joined: May 12, 2006, Posts: 78, Location: Canada)
Posted: Wed Sep 06, 2006 12:42 pm

Oh okay, thanks, that had me worried because I'd never been hacked (that I know of) before. The weird thing is, this firewall came as part of the package from Rogers ISP :p
I can't find the button for editing posts; it's not where it usually is in phpBB, so I'm not sure how to remove the IP.
PCBruiser (SRT Team Lead, Forums Admin, Joined: May 11, 2005, Posts: 11723)
Posted: Wed Sep 06, 2006 2:06 pm

Right, for some reason I don't understand, posts in this forum can't be edited. I will notify a moderator and ask that they edit it for us.
tyciol (Sergeant, Joined: May 12, 2006, Posts: 78, Location: Canada)
Posted: Mon Sep 11, 2006 12:09 am

Thanks, I'll try to remember to X that out if it happens later.
tyciol (Sergeant, Joined: May 12, 2006, Posts: 78, Location: Canada)
Posted: Wed Sep 20, 2006 5:43 pm

I got another one:
Quote:
    Norton Personal Firewall - Security Alert - Medium Risk
    Norton Personal Firewall has blocked an intrusion attempt.
    Time: 1:37 PM
    Date: 20/09/2006
    Intrusion: Portscan.
    Intruder: 85.255.115.6(domain(53)).
    Risk Level: Medium
    Protocol: UDP.
    Attacked IP: (removed because told not to post any IP data, D or #)
    Attacked Port: 2030.
It looks similar, but it's done at a different time of the day, from a different IP, and on a different port of mine than the last time. Shouldn't a routine server sweep be the same every time?
danielcg (Private, Joined: Jan 02, 2006, Posts: 40)
Posted: Thu Sep 21, 2006 11:51 pm

Did you delete the "Default Incoming DNS Rule" firewall rule in the Advanced tab? It sounds like you deleted this critical rule in the Advanced tab.
Open the Norton Control Panel, click on "Firewall", then click the "Advanced" tab, then click the "System" button. Look for the "Default Incoming DNS Rule" firewall rule in the system rules. If it does not exist, then you deleted it. Please add the "Default Incoming DNS" firewall rule and select "Permit", then select "Incoming to your computer", then select "UDP", then add "53" to the entry. Make sure only UDP port 53 is listed. Then name the description (the same as the title I told you). Then select "Default and Home" and click "OK".
I know Norton Firewall will allow any remote IP to send UDP 53, but, like me, you are using the Rogers High Speed Internet Service, and the router in the network does not allow UDP 53 from anyone except the Rogers DNS server. It is an external router, not your computer, so you don't have to worry about port 53. Also, the external router blocks ports 135, 136 to 139 and 445. It also filters ports 25, 53 and 123. You are responsible for all other ports. If you keep the firewall rules at default, this firewall will block all other ports.
I am a Rogers High Speed Internet subscriber just like you, but I never receive intruder alerts from Rogers servers because I configured my firewall rules correctly.
PCBruiser (SRT Team Lead, Forums Admin, Joined: May 11, 2005, Posts: 11723)
Posted: Thu Sep 21, 2006 11:58 pm

Well, this one is not from Rogers. That IP comes back to Russia:
Quote:
    85.255.115.6
    85.255.115.6-xbox.dedi.inhoster.com
    Host reachable, 125 ms. average
    85.255.112.0 - 85.255.127.255
    Inhoster hosting company
    OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
    Abuse notifications to: abuse@inhoster.com
    Andrei Kislizin
    OOO Inhoster,
    ul.Antonova 5, Kiev,
    03186, Ukraine
    phone: +38 044 2404332
    Fast Web Hosting Support
    01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 201.
    UA
    phone: +35 79 91 17 759
    inhoster
    Source: whois.ripe.ne
Don't bother complaining, it won't do you any good at all, and will let them know "you are home".
danielcg (Private, Joined: Jan 02, 2006, Posts: 40)
Posted: Fri Sep 22, 2006 3:44 am

Oh! It may not be a default firewall rule problem; you may or may not have previously had malware installed! If you removed the malware, the attackers will try to access the (removed) malware on your machine and fail, so they scan ports to find whether there is any other malware.
I am lucky that I have never been attacked by attackers who spoof the source port number, because I have never had malware or a virus before.
You can turn off "notification". Go to the IPS screen and click "Advanced...", then search for Portscan, click Portscan and click "Properties", then untick "Notify or Alert me" but leave "blocking" on.
OR you can enable an inbound firewall (Windows Firewall or a wireless router or cable router) in addition to Norton Firewall.
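An added triage check, written for this thread and not code from any of the posters or from Norton, that ties together PCBruiser's point that a UDP packet from port 53 is normally a DNS reply, the Rogers-versus-Inhoster difference in the whois results, and danielcg's remark about attackers who spoof the source port. It parses the three alerts quoted above and treats UDP from source port 53 as a late reply only when the source is one of the resolvers the machine actually uses (on Windows, the "DNS Servers" lines of `ipconfig /all`). A reply to an earlier query lands on whatever ephemeral local port that query went out from, so the local port and the time differ from one alert to the next; that is what a real reply looks like. The same packet from an address that is not one of your resolvers is the classic source-port-53 pattern scanners use to slip past filters that wave through anything "from DNS". The resolver list below is an assumption (the thread only says 24.153.23.66 belongs to Rogers' DNS servers); the alert texts are transcribed from the posts above.

```python
import ipaddress
import re

# "Intruder:" line in the format Norton prints in the alerts quoted in this thread, e.g.
#   Intruder: 24.153.23.66(domain(53))
#   Intruder: megacount.net(81.177.3.12)(http(80)).
INTRUDER_RE = re.compile(
    r"Intruder:\s*(?:(?P<host>[\w.-]+)\()?"      # optional reverse-DNS name
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?"        # source IP address
    r"\((?P<service>\w+)\((?P<sport>\d+)\)\)"    # service name and source port
)
PROTO_RE = re.compile(r"Protoc[oa]l:\s*(\w+)")   # tolerates the "Protocal" spelling in the posts
DPORT_RE = re.compile(r"Attacked Port:\s*(\d+)")


def parse_alert(text):
    """Pull source IP, source port, protocol and local (attacked) port out of one alert."""
    m = INTRUDER_RE.search(text)
    if m is None:
        raise ValueError("no Intruder line found")
    proto = PROTO_RE.search(text)
    dport = DPORT_RE.search(text)
    return {
        "src_ip": ipaddress.ip_address(m.group("ip")),
        "src_host": m.group("host"),
        "src_port": int(m.group("sport")),
        "service": m.group("service"),
        "proto": proto.group(1).upper() if proto else None,
        "dst_port": int(dport.group(1)) if dport else None,
    }


def triage(text, resolvers):
    """Classify a Norton 'Portscan' alert.

    `resolvers` are the DNS servers this host is actually configured to use.  A UDP
    packet from port 53 on one of them, aimed at an ephemeral local port, is a (late)
    answer to a query this host sent.  The same packet from anywhere else was not
    solicited; choosing source port 53 is a known trick for getting past filters that
    allow anything that looks like DNS.
    """
    alert = parse_alert(text)
    trusted = {ipaddress.ip_address(r) for r in resolvers}
    on_ephemeral_port = alert["dst_port"] is not None and alert["dst_port"] >= 1024
    if alert["proto"] == "UDP" and alert["src_port"] == 53:
        if alert["src_ip"] in trusted and on_ephemeral_port:
            alert["verdict"] = "benign"
            alert["reason"] = "late DNS reply from one of your own resolvers"
        else:
            alert["verdict"] = "suspicious"
            alert["reason"] = ("unsolicited UDP with source port 53 from a non-resolver; "
                               "source-port-53 scan pattern, keep it blocked and do not respond")
    else:
        alert["verdict"] = "review"
        alert["reason"] = "not a DNS-reply pattern; check the signature name and the source"
    return alert


# Sample input: the three alerts quoted in this thread, transcribed as plain text.
ALERTS = [
    """Norton Personal Firewall has blocked an intrusion attempt.
Intrusion: Portscan.
Intruder: 24.153.23.66(domain(53))
Risk Level: Medium
Protocal: UDP.
Attacked Port: 1858.""",
    """Norton Personal Firewall has blocked an intrusion attempt.
Intrusion: Portscan.
Intruder: 85.255.115.6(domain(53)).
Risk Level: Medium
Protocal: UDP.
Attacked Port: 2030.""",
    """Intrusion: HTTP MS Windows WMF Code Exec
Intruder: megacount.net(81.177.3.12)(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked Port: 4101.""",
]

# Assumption: the resolver this machine was handed by Rogers.  Replace it with the
# "DNS Servers" entries from `ipconfig /all` on the machine that raised the alert.
ASSUMED_RESOLVERS = ["24.153.23.66"]


def triage_all(alerts=ALERTS, resolvers=ASSUMED_RESOLVERS):
    """Return (source IP, verdict) for each alert, in order."""
    return [(str(a["src_ip"]), a["verdict"]) for a in (triage(t, resolvers) for t in alerts)]


if __name__ == "__main__":
    for text in ALERTS:
        a = triage(text, ASSUMED_RESOLVERS)
        print(f"{str(a['src_ip']):>16} {a['proto']}/{a['src_port']} -> local {a['dst_port']}: "
              f"{a['verdict']} ({a['reason']})")
```

Run as-is it prints benign, suspicious and review for the three alerts. The only input that matters is the resolver list, and it has to come from the machine, not from whois: a reverse name such as the inhoster.com one says who the address is registered to, not whether your stub resolver ever sent it a query.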
PCBruiser (SRT Team Lead, Forums Admin, Joined: May 11, 2005, Posts: 11723)
Posted: Fri Sep 22, 2006 9:37 pm

danielcg wrote:
    you can enable inbound firewall (Windows Firewall or wireless router or cable router) in addition to Norton Firewall.
This is not generally recommended. Multiple firewall (and anti-virus, but generally not anti-malware) programs often interfere with each other's workings, and having two of them is often much worse than having only one.
danielcg (Private, Joined: Jan 02, 2006, Posts: 40)
Posted: Sat Sep 23, 2006 2:00 am

The inbound firewall is the Windows Firewall built into Windows XP Service Pack 2.
NIS 2007 (not NIS 2006) will use the inbound firewall feature (Windows XP firewall) as a secondary firewall.
Yes, you are correct. Having more than one third-party firewall (with the exception of Windows Firewall) will cause them to conflict with each other. Most third-party firewalls don't conflict with Windows Firewall OR a router's external firewall.
Anyway, I have the old (Rogers ISP supplied) NIS 2006 installed and turned off Windows Firewall because I have a LinkSys 802.1n wireless router that has a built-in inbound (SPI) firewall, so I don't need Windows Firewall. My Norton products don't have any issues with the router's external firewall.
tyciol (Sergeant, Joined: May 12, 2006, Posts: 78, Location: Canada)
Posted: Tue Oct 03, 2006 3:16 pm

Ah, I'll keep the alerts on, but thank you for telling me that it's just some dude trying to access malware and failing horribly, either because of the wall or the absence of malware to circumnavigate it.
I got a different one this time. It says high risk, and at the same time I got the warning, it also said that Norton deleted a virus on my system, so it's definitely bad. Norton must be pretty good to be getting all these, as I assume they'd be top-of-the-line viruses... perhaps I should work for them!
Quote:
    Intrusion: HTTP MS Windows WMF Code Exec
    Intruder: megacount.net(81.177.3.12)(http(80)).
    Risk Level: High.
    Protocol: TCP.
    Attacked IP: localhost.
    Attacked Port: 4101.
Note: didn't post Date/Time/My IP as they don't seem relevant.