Hacker - ZoneAlarm
#1
Hi all.
Ive just installed this firewall utility on my home pc, and have had four hack attempts like the one shown below in 15 mins!!
This programme is 1.7 Mb and I recomend it to anyone accessing the internet via modem etc.
I cant believe its so easy, and wonder how many peep have been on my pc before I got this.
Ive just installed this firewall utility on my home pc, and have had four hack attempts like the one shown below in 15 mins!!
This programme is 1.7 Mb and I recomend it to anyone accessing the internet via modem etc.
I cant believe its so easy, and wonder how many peep have been on my pc before I got this.
#2
Scooby Regular
Join Date: Mar 2001
Location: Derbyshire
Posts: 4,496
Likes: 0
Received 0 Likes
on
0 Posts
You don't happen to use BT as your ISP do you?
Just that I checked out that IP address and it looks like the BT ISP.
Not that I'm knocking zone alarm, as it is a top product. Just that a lot of ISPs ping you or check to see who is on. I get one from NTL every time I log on.
Just that I checked out that IP address and it looks like the BT ISP.
Not that I'm knocking zone alarm, as it is a top product. Just that a lot of ISPs ping you or check to see who is on. I get one from NTL every time I log on.
#3
Scooby Regular
Join Date: May 2001
Location: Scotland
Posts: 4,580
Likes: 0
Received 0 Likes
on
0 Posts
I can't say I've ever heard of ISP's pinging you see to who's on...
Far more like someone "sniffing" a wide range of IP addresses. Commonly this method is used to check for trojans or backdoors on PC's on the net.
My PC gets hit loads of times, I'm on a permanent broadband connection, no way should any pc be on the net without some sort of personal firewall.
Far more like someone "sniffing" a wide range of IP addresses. Commonly this method is used to check for trojans or backdoors on PC's on the net.
My PC gets hit loads of times, I'm on a permanent broadband connection, no way should any pc be on the net without some sort of personal firewall.
#4
Scooby Regular
Join Date: Mar 2001
Location: Derbyshire
Posts: 4,496
Likes: 0
Received 0 Likes
on
0 Posts
Oops Apologies if I mislead anyone then
I'll stick to watching TV
Agree with mega_stream though....get a firewall, it makes you so much more paranoid, but safe
I'll stick to watching TV
Agree with mega_stream though....get a firewall, it makes you so much more paranoid, but safe
#5
'tis certinary not a ping, that would be a ICMP packet - and they dont strictly have ports..
If your on BT Openworld then your probably NAT'ed which means the likelyhood of a scan is small.
If your on BT Openworld then your probably NAT'ed which means the likelyhood of a scan is small.
#6
Scooby Regular
Join Date: Mar 2001
Location: Derbyshire
Posts: 4,496
Likes: 0
Received 0 Likes
on
0 Posts
Alright then helpful folk (you seem to know a lot more about this than me )
Why is it <I>every</I> time I log on, I get a warning from zone alarm...in this session, from 62.255.173.56 (TCP Port 1443) which when queried on RIPE, <I>always</I> comes back as NTL internet?
I'm confused
Why is it <I>every</I> time I log on, I get a warning from zone alarm...in this session, from 62.255.173.56 (TCP Port 1443) which when queried on RIPE, <I>always</I> comes back as NTL internet?
I'm confused
#7
If it was a ping, it would be an ICMP request much like the ones I keep receiving from NTL:
The firewall has blocked Internet access to your computer (ICMP Unreachable) from 62.253.128.3.
Occurred: 7 times between 11/10/01 20:15:46 and 11/10/01 21:03:38
The original poster is getting requests on port 80 (HTTP) -- it may be a host looking for a swiss-cheese IIS server or it may be a search engine looking to see if there are any pages. Nothing to worry about. When there's a major virus about like Code Red, expect to get hundreds of these an hour.
Hanslow, OTOH is getting a request on port 1443 which is listed on
The firewall has blocked Internet access to your computer (ICMP Unreachable) from 62.253.128.3.
Occurred: 7 times between 11/10/01 20:15:46 and 11/10/01 21:03:38
The original poster is getting requests on port 80 (HTTP) -- it may be a host looking for a swiss-cheese IIS server or it may be a search engine looking to see if there are any pages. Nothing to worry about. When there's a major virus about like Code Red, expect to get hundreds of these an hour.
Hanslow, OTOH is getting a request on port 1443 which is listed on
Trending Topics
#8
Scooby Regular
Join Date: Mar 2001
Location: Derbyshire
Posts: 4,496
Likes: 0
Received 0 Likes
on
0 Posts
Hmmm, all sounds gobble-de-gook to me
Think I'll leave all this to the professionals and just assume it's all doing it's job properly
Please disregard all my posts in this thread Thought I knew what I was saying but seems I was talking a crock of poo. Back to school for me
I'm glad <I>some</I> people know what they are talking about
Think I'll leave all this to the professionals and just assume it's all doing it's job properly
Please disregard all my posts in this thread Thought I knew what I was saying but seems I was talking a crock of poo. Back to school for me
I'm glad <I>some</I> people know what they are talking about
#9
"ICMP unreachable"
is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think ) is all part of how wonderful TCP/IP works and contains some very useful and necessary messages controlling how your connection behaves. Unfortunatley some people have found ways to use this to your disadvantage which is why Personal Firewalls are selective about which "type" ICMP packets they block. ICMP unreacable messages occur (under normal circumstances) when you try to reach an IP address which is errm unreachable. The router will helpfully let your PC know that your packet can go no further. They can be used for Denial-of-service attacks, but I would doubt this was an actual attack on you. More like a genuine part of TCP/IP which a slightly paranoid Personal Firewall has decided to block.
Deano
is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think ) is all part of how wonderful TCP/IP works and contains some very useful and necessary messages controlling how your connection behaves. Unfortunatley some people have found ways to use this to your disadvantage which is why Personal Firewalls are selective about which "type" ICMP packets they block. ICMP unreacable messages occur (under normal circumstances) when you try to reach an IP address which is errm unreachable. The router will helpfully let your PC know that your packet can go no further. They can be used for Denial-of-service attacks, but I would doubt this was an actual attack on you. More like a genuine part of TCP/IP which a slightly paranoid Personal Firewall has decided to block.
Deano
#10
Port 1443 seems also to be the management port of "webstar" a web server.
Maybe someone scanning IP adresses for active Webstar servers because they know a backdoor in.
Or a genuine error on someones management configuration
Or there is someone who runs a webstar server on a dial-up link and they managem it from elsewhere and they had your address last time......
OK I don't know
Maybe someone scanning IP adresses for active Webstar servers because they know a backdoor in.
Or a genuine error on someones management configuration
Or there is someone who runs a webstar server on a dial-up link and they managem it from elsewhere and they had your address last time......
OK I don't know
#13
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by dsmith:
<B>"ICMP unreachable"
is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think [/quote]
Yes, I know pings (or PINGs) are ICMP Echos and Echo requests, but I took the firewall message as saying that it had received an echo request and because it is running in 'stealth' mode the remote end has got ICMP Unreachable because the IP address is, er, unreachable.
<B>"ICMP unreachable"
is not a ping, that would be "ICMP Echo Request" or "ICMP Echo Reply". ICMP (Internet Control Message Protocol - er I think [/quote]
Yes, I know pings (or PINGs) are ICMP Echos and Echo requests, but I took the firewall message as saying that it had received an echo request and because it is running in 'stealth' mode the remote end has got ICMP Unreachable because the IP address is, er, unreachable.
#15
Thanks to all who relied. It seems that this zone alarm is deffinatley a good idea.
I am on BT internet. I may be imagining it, but seems like my connection is going a little faster too? Could this be possible or is it just fewer people on the net last night (because scooby net was bust )
I am on BT internet. I may be imagining it, but seems like my connection is going a little faster too? Could this be possible or is it just fewer people on the net last night (because scooby net was bust )
#16
I have been using Zone Alarm for a year. I get on average 100 attacks a day. I have given up taking much notice and just let them get blocked.
You should also be looking into these things. I use housecall, it works well.
Online Virus Scanners:
http://www.symantec.com/securitycheck/
http://housecall.antivirus.com/
Ad-Aware:
http://download.cnet.com/downloads/0...0014..dl-63806
This nifty program scans your computer for ad-monitoring software and spyware. These nasty pieces of filth can cause crashes and slowdowns on your computer, and also report personal data back to the programmers. Kazaa and other ad-sponsored programs are well-known for this. Run Ad-Aware to detect and remove these security risks.
First time i ran this i found 156 trojens running on my PC sending my personal details out to web sites. It's scary what's going on in the background you havent a clue about!
[Edited by johnfelstead - 14/10/2001 20:09:09]
You should also be looking into these things. I use housecall, it works well.
Online Virus Scanners:
http://www.symantec.com/securitycheck/
http://housecall.antivirus.com/
Ad-Aware:
http://download.cnet.com/downloads/0...0014..dl-63806
This nifty program scans your computer for ad-monitoring software and spyware. These nasty pieces of filth can cause crashes and slowdowns on your computer, and also report personal data back to the programmers. Kazaa and other ad-sponsored programs are well-known for this. Run Ad-Aware to detect and remove these security risks.
First time i ran this i found 156 trojens running on my PC sending my personal details out to web sites. It's scary what's going on in the background you havent a clue about!
[Edited by johnfelstead - 14/10/2001 20:09:09]
Thread
Thread Starter
Forum
Replies
Last Post
Rich Curtis
Computer & Technology Related
3
04 October 2003 09:50 PM