babber

I keep getting a silly smiling face coming up on my PC by the Zonealarm icon. Anyone know what thats all about ?

I'm sure something is up with my PC, as it so slow over the past few days. Is it possible to open a port without me knowing ? How would I check that out ?

Is it time for a new O/S load?

Cheers Phill C

HHxx

Open up ZA, goto Programs tab and see the application with the Face.

babber

Looked nothing there

Cheers Phill C

106rallye

Are you sure its not adsubtract? that looks a bit like a smily face. It has been given away with zone alarm pro recently I think?
Have a look here http://www.adsubtract.com
Cheers

Andy

babber

Was it part of the Zonealarm pro install file ?

I'll have a look once I get home.

Cheers Phill C

jbryant

If it's on your systray, then double click on the icon to bring up ZoneAlarm, and then look on Alerts tab. You'll probably see that ZoneAlarm has prevented someone from accessing your PC (Message along the lines of 'ZoneAlarm has prevented *** type of access from **.**.**.** IP address')

Sounds as though it may just be doing its job. Main thing to be wary of is when an application asks for server access. Make sure you trust the software and that you want this app to have incoming AND outgoing access to the net before agreeing. Otherwise if it is a trojan then you're letting it have access to your PC.

Joolz

babber

Something else I've noticed over the past few days is when Zonealarm stops Explorer connecting to the internet, it was reporting a 127.0.0.1 IP, which is TCP IP Stack isn't it ?

Just done it again and it was a 192.168.x.x IP address, my router. What the **** ????

I really worried, what should I do.

Cheers Phill C

PS No meation of that other program in zone alarm.

babber

An how would I know I had a trojan, Norton (updated 23/1) said system is fine.

Should I scan my ports ?

Cheers Phill C

PS Will try grc.com

mega_stream

What OS r u running

babber

98SE

Just been chatting to my mate about Linux, might give it a try Pissed off with windows!!!

Cheers Phill C

babber

Forgot to say when the 127.0.0.1 IP address was shown, it always used a differnt port to the last time!!!Started at 10?? and went up by one each time I connected

And what is all this Qmanager and update ****e all about ??

Getting really drama'ed up now

Cheers Phill C

PD edited cause I have my thorn goggles on and am ranting



[Edited by babber - 1/27/2002 10:04:41 PM]

stevem2k

127.0.0.1 is loopback, so no stress there :-)

Bin the zonealarm and get a proper firewall, especially if you have a 24/7 connection ( cable/dsl ).

Qmanager is M$ guff that reports when Internet Exploder crashes, Update is critical update notification, both from the Beast of Redmond(tm).

Steve

[Edited by stevem2k - 1/27/2002 10:36:28 PM]

babber

Yes a Unix firewall is what I need I think, got a router with so say firewall protection.... Not that great. Saw a site somewhere that gave away a OS that booted from a floppy, on something like a pentium 133, two network cards, that was it, great. Sure you telnet into the box

But why do a IP stack loopback one minute then connect through the router IP the next

Cheers Phill C

PS at the end of the day a major ISP can get it's server hacked, so not surprised mine has been.

stevem2k

got a spare bunch of crap bits floating about ? www.smoothwall.org. It's the dogs.

Nice interface, stable 2.2 kernel, IDS, built in squid proxy, even VPN's. Running in 30mins.

Don't worry about hacking attempts, I get somewhere between 20 and 100 real attempts per day.

Steve



[Edited by stevem2k - 1/27/2002 10:50:06 PM]

babber

stevem2k,

Fair play you've lost me. I'll take a look, thanks mate

Cheers Phill C

babber

I always get ICMP ping requests and other scans / attempts on a daily basis, just that the little smiling face is getting on my ****.... I can't capture the picture and post, as it isn't there at the moment.

Another thing is I'm testing another type CM for a Broadband operator, and could do without this ****....

Cheers Phill C