Norton firewall

[NikoTak 0]

Since yesterday, several players using Norton's firewalls are having troubles when playing Operation Flashpoint Resistance on our server (LOL Coop Majors), and that including myself.

As soon as mission starts (it doesn't happen in lobby) Norton is detecting an intrusion attempt. Here's some more details:

Quote[/b] ]Intrusion attempt "BD BackOrifice 2000 UDP Activity" against your computer detected and blocked.

Intruder : game.nakedsquid.com( 83.170.75.48 )(2302). --> our server IP

Risk : High.

Protocol : UDP.

Attacked IP : 0.0.0.0.

Attacked Port : 2304.

Norton blocks the IP for 30 minutes, wich makes the server completely invisible for the user. The only way to play again on the server is to restart the computer to get rid of the 30 minutes block and to put the server's IP in the "allowed and trusted IPs" list in Norton's options.

Someone told me it could be a "false positive" due to a new virus definition, and I'd say it could be possible, as it does the same on every dedicated servers I'm trying to play on.

What can we do? Any advices? Is there a way to report this to Symantec if it's the case of a "false positive" problem?

Thanks for reading me and for any help you may provide.

[Stuphor 0]

I had this problem tonight on the CiA server.

Will adding the ip address of the server to your allowedlist prevent this? It was very frustrating tonight and I missed two games!!

If you find asolution let me know.

[TwentyFourSeven 0]

BackOrifice was a hack tool used to scan others pc's, i remeber a version I saw back in 1999 when I was working for a computer agency (then windows 95). We tested this out in the office on our Intranet system and it was great viewing each others screens, but obviously a potenial nightmare in a hackers grasp. (great name lol)

Are you sure its a false reading?  And not something connected with server?

Perhaps all of you who dont have norton have it and your firewalls not picked it up?  I do hope nobody is hacking the server.

But I do know theres something up with norton and ports scan.  As my Norton always says everytime Im online with flashpoint  Port Scan detected and its my own IP its blocked lol.. Yet I can still play freely

[Stuphor 0]

247, so is it safe to allow access from the server through the security setings or what?

Do you have a solution to this problem or is it a server problem.

When you say server do youmean individual servers or the gamespy server?

[TwentyFourSeven 0]

Id hang on and wait for some confirmation from Norton before allowing or if anyone else has knowledge on this.  Ive emailed Norton myself to try and get some clarity on the subject. Last time I emailed them it took 11 days for a reply lol.

When I was saying server I meant individual servers you find on Gamespy.  ITs more than likely a Norton hiccup though, but its better to be safe then sorry.

[Stuphor 0]

thnaks for the info 24/7.

I'm running a virus and spyware scan just in case.

Do you think we all should contact Nortonto see if we can speedup the responce?

If you get a reply will you post it here as well?

[NikoTak 0]

Personally, it happens on every dedicated server I tried to play on. I didn't tried those on gamespy as I don't have it installed. That's why I think it's a norton problem... well I hope so!

[sicilian 0]

Yes it is Symantec related. The intrusion detection update from 11/05/05 caused this. To improve it configure the intrusion detection for "BD BackOrifice 2000 UDP Activity" over the advanced button on the intrusion detection tab.

[Stuphor 0]

sicilian,

Can you just give me a few more details on how to do this. I am a bit of a noob when it comes to this sort of thing.

Any help would be apprieciated.

Thanks for the info.

[sicilian 0]

As I said...

Double click the firewall symbol in your tray then click the intrusion detection button. After that click configure. On the next window you should see an advanced button somewhere.. click it. Then search for "BD BackOrifice 2000 UDP Activity" and deactivate it.

Ready

[NikoTak 0]

You will be exposed to a real "BD BackOrifice 2000 UDP Activity" attack if you proceed that way. It is probably safer to add the IPs in the trusted IPs list.

[walker 0]

You will be exposed to a real "BD BackOrifice 2000 UDP Activity" attack if you proceed that way. It is probably safer to add the IPs in the trusted IPs list.

Hi all

sicilian's suggestion is a No No.

NikoTak Solution is the slightly safer one.

I would suggest making it for a seperate user account you can call GameUser or some such.

Seperate windows user accounts with access to certain areas of your computer and hard drive, rather than just using an admin account is also worth investigating. This also works better and lags less, as you can set your game account up to not load up all the other programs such music and chat programs running in the background. You can even set it up to only run from a particular drive and make all your other data completly inaccessable. Few people use their windows user account set ups as much they should.

Getting back to Norton:

It may be worth creating a special rule to permit access based on several criteria, port, program and IP list.

Read your Norton fire walls help files on how to create such a rule.

Kind Regards Walker

[sicilian 0]

It is hard work to find out the servers ip addresses and add all to the trusted list... very much fun! tell me how much time does it take you to find out all your favorite server ips and to add them? Or how will you play on any random public server then without setting the firewall rules before every server change?

Until symantec is providing a new update I would prefer to let this "activity" through.

[TwentyFourSeven 0]

I got my email returned as failed, So ive spammed their Comments feedback with the same problem about 5 times.  It seems Norton dont give a hoot about customer feedback unless you pay for a help fix.   Ive wrote a letter of complaint and to say Im pee'd off with Norton is an understatement.  

Ive tried to find a working email for them but not a chance.  Its the weakest Support company ive ever seen.  Seems we are at the mercy of an update or changing firewalls

I know AOL has a bad rep but anyone out there who does have AOL they do supply McAfee Security free firewall to download. Its a short term fix until Norton sort themselves out.