Microsoft Local Security Authority Shell

Discussion in 'Security and Privacy' started by Christer, 2007/04/13.

  1. 2007/04/13
    Christer Geek Member Staff Thread Starter

    Hello all!

    Norton Internet Security alerted me of:

    "A remotely connected computer is attempting to use Microsoft Local Security Authority Shell on your computer" and recommended to "Always Allow". It was connecting through 85.228.194.71:500

    This has happened a few times during the most recent weeks and I have done as I was told (always allowed) but immediately removed the entry from the FireWall settings (which is why I know it came back).

    Does anyone know what is happening?

    What would the effect be of "Always Denying"? I know that it would not be able to connect ... ;) ... but would I actually prevent something good from happening? (I have done well without it this far!)

    Christer

    BTW: XP pro SP2
     
  2. 2007/04/13
    Whiskeyman Inactive Alumni

    http://www.seifried.org/security/ports/0/500.html

    Your computer is probably being probed. Block Port 500 inbound and outbound.


    (Asked whois.ripe.net:43 about 85.228.194.71)
    inetnum: 85.224.0.0 - 85.231.255.255
    netname: SE-CYBER-20041217
    descr: Bredbandsbolaget AB
    country: SE
    org: ORG-BA31-RIPE
    admin-c: BR3045-RIPE
    tech-c: BR3045-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: B2-MNT
    mnt-routes: B2-MNT
    mnt-domains: B2-MNT
    source: RIPE Filtered
    organisation: ORG-BA31-RIPE
    org-name: Bredbandsbolaget AB
    org-type: LIR
    address: Katarinavagen 15
    address: SE-10265
    address: Stockholm
    address: Sweden
    phone: 46 8 50698300
    fax-no: 46 8 5490 4608
    admin-c: SM1584-RIPE
    admin-c: LP3122-RIPE
    admin-c: TYNF-RIPE
    admin-c: TN2809-RIPE
    mnt-ref: B2-MNT
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-by: RIPE-NCC-HM-MNT
    source: RIPE Filtered
    role: Bredbandsbolaget Routing Registry
    address: Box 47645
    address: 117 94 Stockholm
    address: Sweden
    remarks: trouble:
    remarks: trouble: Abuse related issues is reported
    remarks: trouble: to abuse@bredband.com

    remarks: trouble: phone 46 586 65485
    remarks: trouble: Abuse issues sent to other e-mail
    remarks: trouble: adresses will be discarded
    remarks: trouble:
    admin-c: TN2809-RIPE
    admin-c: JN1883-RIPE
    admin-c: EB78-RIPE
    admin-c: NE102-RIPE
    admin-c: ARL1-RIPE
    admin-c: TYNF-RIPE
    tech-c: TN2809-RIPE
    tech-c: JN1883-RIPE
    tech-c: EB78-RIPE
    tech-c: NE102-RIPE
    tech-c: ARL1-RIPE
    tech-c: TYNF-RIPE
    nic-hdl: BR3045-RIPE
    mnt-by: B2-MNT
    source: RIPE Filtered
    abuse-mailbox: abuse@bredband.com

    abuse-mailbox: abuse@bredband.com

    route: 85.224.0.0/13
    descr: Broadband Customers in Scandinavia
    descr: Please report improper use to abuse@bredband.com

    origin: AS8642
    mnt-by: B2-MNT
    source: RIPE Filtered
    route: 85.224.0.0/13
    descr: Broadband Customers in Scandinavia
    descr: Please report improper use to abuse@bredband.com

    origin: AS2119
    mnt-by: AS2119-MNT
    source: RIPE Filtered
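
The whois check in the post above, worked through as an added example (not part of the original thread): it parses a RIPE-style reply, tests whether the alerting address falls inside the returned `inetnum` and `route` objects, and collects the abuse contacts. The names `parse_objects` and `triage` are hypothetical, and the sample assumes blank lines between objects, as a whois server returns them.

```python
import ipaddress

# Constructed sample: a few lines excerpted from the reply quoted above, re-spaced into objects.
SAMPLE = """\
inetnum: 85.224.0.0 - 85.231.255.255
netname: SE-CYBER-20041217
descr: Bredbandsbolaget AB

role: Bredbandsbolaget Routing Registry
abuse-mailbox: abuse@bredband.com

route: 85.224.0.0/13
origin: AS8642
"""

def parse_objects(text):
    """Split whois text into objects, each a list of (key, value) pairs."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():               # a blank line ends the current object
            if current:
                objects.append(current)
                current = []
        elif not line.startswith(("%", "#")):   # skip server comment lines
            key, sep, value = line.partition(":")
            if sep:
                current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects

def triage(ip, text):
    """Report which returned objects cover `ip`, plus every abuse mailbox listed."""
    addr = ipaddress.ip_address(ip)
    out = {"netname": None, "holder": None, "abuse": set(), "origins": set()}
    for obj in parse_objects(text):
        kind, primary = obj[0]             # the first attribute names the object type
        fields = {}
        for k, v in obj:
            fields.setdefault(k, []).append(v)
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            if lo <= addr <= hi:
                out["netname"] = fields.get("netname", [None])[0]
                out["holder"] = fields.get("descr", [None])[0]
        elif kind == "route" and addr in ipaddress.ip_network(primary, strict=False):
            out["origins"].update(fields.get("origin", []))
        out["abuse"].update(fields.get("abuse-mailbox", []))
    return out
```

Calling `triage("85.228.194.71", SAMPLE)` confirms the address sits inside the listed allocation, which tells the reader whose network the traffic came from but not what the sender intended.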
     

  4. 2007/04/13
    Christer Geek Member Staff Thread Starter

    Whiskeyman,
    thanks for the analysis!

    "Bredbandsbolaget AB" is my ISP but I have no idea about what they might be up to. I will send a mail and ask them.

    I can't find anywhere to block specific ports in NIS 2005 but the next time the alert pops up, I will deny permanently.

    Christer
     
  5. 2007/04/14
    TonyT SuperGeek Staff

    Depending on your network setup, you may need to allow the connection, esp if your modem is connected directly to the computer. Though I have never seen this as a requirement on US Internet providers. Port 500 is used for security type authentications:
     
  6. 2007/04/15
    Christer Geek Member Staff Thread Starter

    TonyT,
    I don't have a modem, the NIC connects directly to a socket in the wall. Well, it used to until I also changed my phone service to the same company. Since then, there is a box to connect the phone/fax and to connect up to four computers but it is not a modem as such, it is more like a "splitter".

    The alert came back a few minutes ago and I denied permanently. I guess I will notice any bad side effects of that action.

    Christer
     
