It may seem like a dumb question, but I'm having a problem when looking at the Log Viewer program. My brother's computer is on 192.168.1.101 (a "non-routable" IP), and I'm getting all sorts of attempted connections from his IP address. Now, I'm not sure if he leaves his computer on all night, but when I look at the log, the attempted connections are during the time when he's asleep. As a precaution, I banned his IP address from accessing my computer through McAfee's firewall (I have Total Protection 2009).
Most of the attempts are NetBIOS datagrams, which the log viewer says are blocked, and everything's fine. However, when I see UDP 67 "Bootstrap Protocol Server" in the logs, it does NOT contain the message that the attempt was successfully blocked. I thought banning an IP meant banning it from ALL connections, but that's not what I'm seeing in the log viewer. Other connection attempts not marked as blocked are:
UDP port 3702
SSDP port 1900
Now the only ports I have open are "Common Operating System Ports" (whatever that means specifically), UDP 27733 and 3074 (for Enemy Territory: Quake Wars update server access), and "Universal Plug and Play (UPNP) Port 5000, 1900, 2869". If these ports are open, can a banned IP connect to them? If so, that should be corrected immediately - banned should mean totally banned. If not, can you verify that the numerous attempted connections are all blocked, and can you please persuade the programmers to make the log reflect that banned IP are indeed banned? Thanks 🙂
This behavior by my brother's computer has been going on for weeks (and copious activity in my logs makes me nervous). If you could possibly suggest a cause for his computer's weird connectivity, I'd appreciate any ideas you can recommend to make it stop.
One last question: where are the text files of the Log Viewer located? If they are in some sort of database within McAfee's software, is there any way to dump the log to a text file? It's not possible to copy text out of the log viewer, and I like being able to attach log files wherever possible. Thanks again