
For the attention of an IT bod

 
Old 13 July 2001, 10:10 AM
  #1  
babber
Scooby Regular
Thread Starter
 
Join Date: Feb 2001
Posts: 4,370

Help,

I have a cable modem, and run ZoneAlarm as a firewall. I also have a Netgear router to act as a gateway for other PCs (i.e. children's PC, laptop).

Until recently I have had no issues. Over the last few days I have had a slight problem. ZoneAlarm keeps stopping an outgoing connection to 207.91.106.5 port 1240, 1536, 1630 and 80? Does anyone know this IP address?

Oh yes, and normally after the firewall stops the connection, Explorer has an error and closes down? This doesn't happen all the time, just sometimes!!

Cheers in advance, Phill

[This message has been edited by babber (edited 13 July 2001).]
Old 13 July 2001, 10:17 AM
  #2  
mega_stream
Scooby Regular
 
Join Date: May 2001
Location: Scotland
Posts: 4,580

Phill, what operating system are you using?

Old 13 July 2001, 10:32 AM
  #3  
Bugsie1
Scooby Newbie
 
Join Date: May 2000
Posts: 10

Phil,

What's the source application of the outgoing packets? It should say when it alerts you.

FYI: That IP belongs to Verio.net - a web hosting firm in Atlanta, Georgia. You can try emailing them at: vipar@verio.net and ask about that IP.
The system at that IP is running Apache WebServer on UNIX.

I would hazard a guess that despite your security precautions you have a "Zombie", a kind of Trojan Horse, on your PC. It's "calling home" to its author. I would recommend you block all outgoing packets at the firewall to this IP address and tighten up your security somewhat.

What OS are you running? Try
Old 13 July 2001, 10:32 AM
  #4  
paulmon
Scooby Regular
 
Join Date: May 2000
Posts: 384

Have you tried turning everything off and then turning it back on again?
Old 13 July 2001, 10:46 AM
  #5  
chiark
Scooby Regular
 
Join Date: Jun 2000
Posts: 13,735

I think you'd be right to be wary of this one. Do let us know what the source application is for the request (Zone Alarm will show it in the logs, and alert you as to what is trying to do this).

The Web server there is running a blank index.htm page, which makes me suspect that it's used as a payload server - it stores nasty things that someone is trying to install on your machine.

Update your virus checker, keep zone alarm running...
Old 13 July 2001, 10:54 AM
  #6  
stevencotton
Scooby Regular
 
Join Date: Jan 2001
Location: behind twin turbos
Posts: 2,710

Interestingly none of those ports (except for 80) is even open on that machine, can you sniff the packets and see if it's attempting to access a certain URI? Your browser crashes because your OS of choice is amazingly unstable.

Steve.
Old 13 July 2001, 02:08 PM
  #7  
babber
Scooby Regular
Thread Starter
 
Join Date: Feb 2001
Posts: 4,370

All,

Currently running Win 98 SE.

ZoneAlarm has managed to block the outgoing packet every time, so I'm glad it's working as it should do.

Have disabled Netbios, file and printer sharing when I had the cable modem installed.

Have been using Norton anti virus with the latest updates, but shall try and get a newer version of updates tonight when I get in from work.

I have tried
Old 13 July 2001, 03:37 PM
  #8  
Avi
Scooby Regular
 
Join Date: Apr 2001
Location: Manchester
Posts: 5,084

Going off the subject a little... I also have a cable modem, but at the moment I have to have my gateway PC turned on all the time to be able to share the connection with my PC upstairs. How else can I do this? I can't just connect a hub onto the modem, can I? Somebody mentioned a router; would this work, and is it an expensive option? I just want to be able to turn one of my PCs on, not have to have both on!!

Any help gratefully received

Andy A
Old 13 July 2001, 03:55 PM
  #9  
MorayMackenzie
Scooby Senior
 
Join Date: Jun 1999
Posts: 3,410

Bugsie1,

Re: "What OS are you running? Try
Old 13 July 2001, 05:34 PM
  #10  
KF
Scooby Regular
 
Join Date: Feb 2000
Posts: 405

Or not let a muppet drive
Old 13 July 2001, 09:17 PM
  #11  
babber
Scooby Regular
Thread Starter
 
Join Date: Feb 2001
Posts: 4,370

Avi,
Who's your ISP?

I would go for a router; they provide an easy option to connect to the internet with many PCs. The cable modem works very well with it. You get the router NIC MAC added to your accounts with ISP and that's it.

Minor dramas backing up the router, but once configured correctly, you never need to touch it again.

I use the Netgear RT311 DSL / CM router, very nice, with a dual speed 8 port hub. The router cost around £100. A better solution for a cheap home network would be the RT314. Same as above, but with an internal four port hub (also dual speed). I think about £130.

Details at
Old 14 July 2001, 10:36 AM
  #12  
WillieF
Scooby Regular
 
Join Date: Oct 1999
Posts: 778

Yes, I would agree with Phil. As someone who has been helping small businesses connect their cable modems to their networks, I would highly recommend the Netgear kit. We currently put in about 20 a week, so any questions...

It is amazing how many people think because it is a (cable) modem from a large telecoms company that they are somehow protected from the evil internet.

As a test, one of my staff stuck an NT server with no protection on his cable modem at home and watched it take 80 serious attacks in a week and over 200 port sniffs.

One of the serious attacks ended up in someone using it as a store for their MP3 collection; unfortunately it was all Japanese!!
