second life keeps being blocked

Details: Attempted Intrusion "NMap Null Scan" against your machine was detected and blocked.
Intruder: sim7749.agni.lindenlab.com(12043).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: xxxxxxxxxxxxxxxxxxxxxxx
Attacked Port: 2907
........................

is there a way to turn this off or is it agood thing its on?

its Norton08
And I know you'll say don't use norton, Well that won't fix the problem, I'm asking if anyone knows a checkbox to undue what it seemed fit to be doing here in the first place.
thanks

A null scan is simply an attempt to find open ports on the remote system. Both hackers and legitimate services use this method. That it was blocked was essentially a good thing, and you have nothing to worry about.

edit: as long as you can log in, anyway

Norton is a bloated piece of excrement. Purge it from your machine.

Replace with Kaspersky, NOD32 or some other decent antivirus.

Norton does only one good thing... it slows down your Computer so you can count the bits that run thru it... So the best thing to do is get rid of Norton Software...

There should be somewhere in Norton that allows you to tell it what applications you wish to use such as Firefox, Secondlife, etc. Probably under Firewall>Programs or something like that.

There is also a way to run it that will give you a popup alert when something tries to send data in or out and you can tell it whether to allow or deny it.

OK, if this is Norton Internet Security 08, fire up the main console. One of the options should be firewall. On that page, there should be either a tab for programs or an advanced button (I forget which). On that screen, there is a place that lists what programs are allowed/blocked. You can change SL to allow from there. I've had friends accidentally block all on their browser, then ask me to help fix it for them.

When you are up for renewal, I would definitely recommend switching from Norton Slow PC 2008 to another brand. I have had good luck with Trend Internet Security 09....doesn't seem to kill performance like norton, and can be installed on 3 PC's.

Guys, you're confusing the issue.

1. This was her Norton firewall blocking the SL service from scanning her computer for an open port. *NOT an application trying to access the SL service.* It's nothing to worry about, perfectly normal behavior, and that the firewall blocked the null scan is a *good* thing.

2. Removing Norton does not solve null scans. They happen whether you're using Norton or anything else, because that's how things work out there on the Intarwebz.

3. Telling the OP to replace her virus scanner is (a) useless in this case, and (b) a non-answer. She wanted to know about null scans, not blocked applications, Norton bloatware or whatever else.

I run Norton and it doesn't slow my system at all - because it doesn't run it in the background. It runs only when I tell it to run, and I use a separate product for the firewall anyway. Bottom line: she's fine.

Nmap is a scanning tool used to find out what ports on your computer or firewall (if you have one) are exposed to the Internet. Norton thinks someone or something at the server known as sim7749.agni.lindenlab.com has tried to scan your system to see if that port is exposed.

Nmap scans have a certain fingerprint that Norton and other defense tools can recognize. However this may be a false positive by Norton and may not mean anything. Anyone know if this port (2907) is used by SL to communicate?

BTW, Kasperski is a great product, but their database containing all their customer information was broken into a few days ago by a hacker from Romania. The information has been published on the Internet.

Yes, that is correct. Legitimate services as well as hackers use this tool. In this case, the "someone or something" was a grid server (agni) at LL. The scan was likely blocked out-of-hand, as any scan from Nmap would be.

Why would the server scan for a port if it wasn't going to use it?

Ah. Most of the time, it's the server's way of looking to see if you're still connected to it. Many web servers do this very same thing.

*Not being a server tech, I have no idea if those same servers use Nmap or not, or in this way. But I do know that many indeed do, and apparently, so does LL. It's also used to identify the OS and application version running on remote clients.

edit: here's a nice little article thingie on Nmap, if anyone's intrested.

http://en.wikipedia.org/wiki/Nmap