| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 36643 | 2003-08-15 04:08:00 | Intruders | Martina (4232) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 167953 | 2003-08-15 04:08:00 | With W32/blaster in mind I updated/reinstalled lotsa things including the ZoneAlarm firewall. I now get a warning when something tries to access the Internet or access my pc from the Internet. In less than 1 hour I have had 14 attempted intrusions. Is this usual?? and how can I find out where the attempted intruder is coming from? The pop-up warning window gives the info "The firewall has blocked Internet access to your computer [TCP Port 135] from 203.79.81.178 [TCP port 3558] [TCP Flasgs: S]" where can I read up on this to find out what it means? Be gentle with me please, I'm not very pc literate but trying to improve. Thanks |
Martina (4232) | ||
| 167954 | 2003-08-15 04:30:00 | Double click on Task Bar icon for Zone Alarm, click on Help top right, click on IP address, Investigate source far left. Worth having a good scan through the Index for other info. | FrankS (257) | ||
| 167955 | 2003-08-15 04:39:00 | 14 attempted intrusions in an hour would not be unusual given what has been happening lately. TCP port 135 is what the Blaster worm uses to gain access to your computer. You presumably now have a correctly configured firewall which is blocking these attempts. You can turn down the alerts you get if they become annoying. :-) In ZoneAlarm I'm not 100% sure how to do it as I use Kerio. Feel safe anyway (for the moment) until a new trojan arrives. Keep up with virus definitions. I HOPE that was gentle enough. |
Elephant (599) | ||
| 167956 | 2003-08-15 04:59:00 | You may be interested in VisualZone, it is a program designed to run with ZoneAlarm and it carries out analysis of intrusions etc. I used to run it with ZA before switching to Kerio firewall, and found it very interesting. visualize.phenominet.com |
Terry Porritt (14) | ||
| 167957 | 2003-08-15 06:30:00 | > In less than 1 hour I have had 14 attempted intrusions . Is this usual?? Yes, that would be fairly 'normal' . Not all of those "attempted intrusions" are actually intrusions though, some are probably website that you are visiting giving you a 'ping' to see if you are still there or not and are quite harmless . Personally I would turn the notifications off - you don't really need to know about them all . There is a setting to disable them somewhere in ZA . |
Fire-and-Ice (3910) | ||
| 167958 | 2003-08-15 08:38:00 | For notifications off, 2 click Taskbar icon, Alerts& Logs, Alert events shown, Click (dot) off. Suggest go to Overview, Status, Tutorial as time permits |
FrankS (257) | ||
| 167959 | 2003-08-15 08:38:00 | Thanks a bundle guys/gals - I will plod on . Have a nice weekend - go go the AB's | Martina (4232) | ||
| 167960 | 2003-08-15 08:51:00 | Hi Martina, As you have just installed Zone Alarm it is in what it terms "learning mode". This means that when you start Internet Explorer to access the internet you will get a warning to notify you that (surprise, surprise) Internet Explorer is attempting to access the internet. This will occur for every program that accesses the 'net like Windows Update, Outlook Express, etc. All warning and alert pop-up boxes have a small box that says "Do you wish to see this warning again? By answering "No" obviously you won't get the warning for that particular program. It is designed so that you can learn and permit different programs to access the internet and stop spyware and trojans from accessing the internet. So if Zone Alarm say that such and such a program wants to access the 'net and you don't know what it is you can check it out on Google (http://www.google.co.nz) or some other site. ;) As has been mentioned port 135 is the Windows Pop-up Messenger service that is the reason for your sudden rush to update and reinstall lotsa things :) The Zone Alarm pop-up alert window has an option to "Find Out More" as well. This will take you to the Zonelabs site and give a verbose message about the purported "attack". HTH |
Gorela (901) | ||
| 167961 | 2003-08-15 08:59:00 | Hi Gorela Thanks for your reply, all is much clearer now. This Blaster thing doesn't seem to be the B-I-G problem I thought it was going to be, had me in a tizz-wozz for a day or so. Thanks again. |
Martina (4232) | ||
| 167962 | 2003-08-15 12:43:00 | My firewall usuually shows an intrusion alert maybe once a month. | vk_dre (195) | ||
| 1 2 | |||||