Results 1 to 7 of 7

Thread: Losing the Internet connection, have to reboot to restore it

  1. #1
    aximon Guest

    Default Losing the Internet connection, have to reboot to restore it

    2-3 times a week the computer loses access to the internet. Sometimes it is a wireless connection, other times an ethernet connection to the Linksys router. Rebooting the computer restores the connection. Some of the messages on this forum suggest I should be setting the router, DHCP and DNS addresses to Trusted in the firewall. Is that true and if so, why is it not mentioned in the installation instructions, or did I miss it?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Losing the Internet connection, have to reboot to restore it

    "Some of the messages on this forum suggest I should be setting the router, DHCP and DNS addresses to Trusted in the firewall. Is that true and if so, why is it not mentioned in the installation instructions, or did I miss it?"

    Yes this is very true.

    Why is this- the router and the PC have to talk to each other on the ports 67 and 68 UDP (actually called the bootps - router and port 67 and the bootpc-PC and the port 68). The port of the PC actually opens to let the router talk to it and the router does the same (but open only on the LAN side of the router). Without this basic, there is no connection made to the router. Okay that covers a bare explaination for the router and the DHCP. So does it really matter if the router is set as Trusted? Of course not. It is a private address and it certainly is not an internet address by any means. BTW DHCP means Dynamic Host Configuration Protocol. That is explained in this reply in a recommended reading.

    The PC talks to the DNS server. (BTW DNS stands for Domain name system- that is explained in the next paragraph). It uses both TCP and UDP out to the port 53 of the DNS. The PC must have a port that can be opened from the DNS's port 53 but only through UDP.
    Why is DNS so important? Because the PC applications such as browser actually have no address(s) for the site(s) that is required by the user- it just has a name. A browser is just one example. In reality the OS needs to have access to the DNS (the svchost.exe needs to go to the DNS and get info back). But in order to communicate it needs to have an actual IP. We see something like zonelabs.com as an address, but in the internet world it appears as 209.87.209.44 to us (But really in the machine world it will appear even more different to them.)
    So does it really matter if the DNS server(s) is set as Trusted? Of course not. It is a direct connection to your provider's address and it certainly is not an open internet address by any means. There is no one else between you and the DNS server of your provider. Come to think of it, I am in Canada, my provider is in town and I am using a DNS server in California. I had to mention that to get things mixed up, but it is very true and works just great. Go figure.

    Need more ideas??

    http://www.techsoup.org/learningcent...s/page4800.cfm

    http://www.bitvise.com/how-the-net-works


    http://www.ipcortex.co.uk/wp/fw.rhtm

    Or do you want some extra reading???

    http://en.wikipedia.org/wiki/Internet

    http://en.wikipedia.org/wiki/Domain_name_system

    http://en.wikipedia.org/wiki/Dhcp

    http://en.wikipedia.org/wiki/Private_network

    http://en.wikipedia.org/wiki/Transmi...ntrol_Protocol


    http://en.wikipedia.org/wiki/User_Datagram_Protocol

    maybe even ICMP and protocol and not just TCP and UDP....

    http://en.wikipedia.org/wiki/Interne...ssage_Protocol

    http://en.wikipedia.org/wiki/Internet_Protocol

    okay back to the theme of this reply...

    http://en.wikipedia.org/wiki/Internet_backbone

    http://en.wikipedia.org/wiki/Server_(computing)

    http://en.wikipedia.org/wiki/Internet_site





    Okay here is what to do for the ZA and the issue of this post..... actually pretty easy..especially after all that heavy reading....

    1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1
    5 The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://www.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    I may have missed something, but it is 1:36 AM, so I have an excuse. Any further questions about anything, just ask and I will reply (but with less recommended reading).

    Oldsod

    Message Edited by Oldsod on 03-02-2007 01:37 AM
    Best regards.
    oldsod

  3. #3
    aximon Guest

    Default Re: Losing the Internet connection, have to reboot to restore it

    Thanks for all the information Oldsod. I read the first three links and learned a lot. Will do the 'extra reading' as time permits.

    The only difference I saw from the example in the first link is that I have two DNS addresses so I guess both should be listed in the firewall as Trusted, along with the DHCP and router address which should also be listed as Trusted. The loopback was already there and set to Trusted.

    Questions:

    Are there any other changes that would help keep the Internet connection from being lost?

    Are these changes part of the standard installation procedure (and I missed them) or is there something odd about my computer setup?

    I've heard that IP addresses can be faked. If I set the router, DNS or DHCP to trusted, can someone fake those addresses and gain access to my computer and files?

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Losing the Internet connection, have to reboot to restore it

    Hi aximon

    To enter the DNS server (most people have two DNS server addresses, BTW, but some have just one), entering the DHCP (usually the router IP or gateway address, but if no router then the DHCP is a seperate address from either the dsl modem or the provider's server- again it is seperate from the DNS), the loopback address (this is the internal address of every windows OS and every MAC and Linux, etc have the same address, just different numbers) as Trusted in the Zones is just what is needed. The svchost.exe (or commonly called generic host process) needs to get and receive from the DNS and the DHCP addresses, hence it has the Trusted Zone server rights.

    Answers:

    This should fix the issue.

    Nothing odd about the PC setup. It is the same for everybody. Computers and internet works just this way and no other way is allowed.

    IP addresses can be faked.... commonly called DNS Spoofing and IP Spoofing (another issue). Actually by setting in the correct and desired addresses for the DNS there is zero chance of DNS Spoofing, since now the addresseses are "locked" in. The ZA now has definitely proof and will always do the job correctly. Plus there has to be some malware that would try to change the actual Windows settings to have DNS spoofing. The DNS and the actual IP of the PC is set in the Windows file/registry itself. Actually most malware never does this- easier just to attempt to call home through approved applications (ZA beats that problem) or by itself (ZA beats that issue too).
    If they could do that to gain access to your files, it means you are already infected and it is now too late to prevent that problem. This is the least of your concerns.

    As for spoofing the DHCP, this cannot be done. Impossible to do because the 192.168.0.0 to 192.168.x.x range of addresses is a Private Network. The private network is impossible to be accessed from the internet.

    Ever try pinging a private network address?? Just ping my address.. here it is.. 192.168.0.4 What did you ping?? Just your own LAN or home network. The same applies to me.. if I ping your private address ... I just called my own LAN or home network. Your PC behind a router can not be attacked this way at all.


    IP spoofing is done in the browser (occasionally in the email). A site appears to be the one you wanted and it is an imposter. Usually some small give-away to the regular visitor. What happens is the url in the address bar is the one wanted, but the actual IP does not match the IP of that site. Just doing a simple whois will reveal all as to whether this is legit.

    http://www.dnsstuff.com/

    A tool for this is called Spoof Stick. It works the FireFox and IE browser. Does the whosis lookup for you and gives an answer as to whether the site is spoofed or not.

    http://www.spoofstick.com/

    This must have become an issue or else Microsoft would never have introduced the Phishing Filter in the IE7 browser. This does the same thing, but in a Windows way instead. I use the Opera 98% and it has a Phishing filter from Phish Tank. I do believe the FireFox has some Phishing filter addon as well.

    Another approach is the Link scanner. The online service is free...

    http://linkscanner.explabs.com/linkscanner/default.asp

    This will show if the site has some exploit.

    McAfee has for free the Site Advisor. This will slow the browser speeds down, but some users are relying heavily on this to guide them through the internet.

    http://www.siteadvisor.com/

    To eliminate all DNS and DHCP possible change attacks...
    for a desktop that never changes the router or the actual designated LAN IP or leaves the desk (table) and have a cable connection (and Not For DialUp setups!) and is a wired connection and not a wifi connection...it can be done in Windows itself. If you meet those requirements then do this...

    Find the IP of the PC (as assigned by the router, not the provider).
    Find the IP of the gateway/router
    Find the IP(s) of the DNS
    Write these down on paper or a file on the desktop

    Open the Services of the Administrative Tools
    Disable and Stop the DNS Client
    Disable and Stop the DHCP Client


    Reboot and ignore the loss of connections warnings


    Open the network connections
    Click the adapter and open the properties
    Select the Inetrent Protocol (TCP/IP)
    Select the Properties button
    Select Advanced button of the General Tab
    Select the IP Setting tab and enter the IP address using the ADD in the IP Address box
    Use the Add to enter the gateway address in the Default gateway box
    Select the DNS tab and add the DNS addresses individually

    Ok and Allow the things and close the whole thing and immediately reboot.
    The connection should return and now the desktop PC is locked in forever. Now Windows has these setting locked in the registry and there is a greatly reduced chance of DNS Spoofing. Plus Windows will stop looking at every boot up and will just use what it has been set to use.


    Oldsod

    Message Edited by Oldsod on 03-02-2007 02:13 PM
    Best regards.
    oldsod

  5. #5
    aximon Guest

    Default Re: Losing the Internet connection, have to reboot to restore it

    Thanks for such a detailed explanation Oldsod. It's nice to know why one is doing something rather than just blindly doing it.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Losing the Internet connection, have to reboot to restore it

    I wish somebody had told me or explained or gave some strong guidance a long time ago. It would have saved a lot of trouble and confusion when I first started to use a computer. So, I make up for it by helping others instead

    Oldsod

    Message Edited by Oldsod on 03-02-2007 02:46 PM
    Best regards.
    oldsod

  7. #7
    zprouser Guest

    Default Re: Losing the Internet connection, have to reboot to restore it

    Another thread said to use this one for similar questions, I hope I'm not threadnapping.

    I also lose connection after going into sleep mode and standby mode.
    I hadn't noticed this until I built this new computer and reinstalled the updated version of Zone alarm.

    My Question is;
    I'm connected to my cable modem behind a router,
    The dchp and dns ip numbers point to the router, ie 192.168.1.1
    Do I want to add the router ip to the trusted zone?
    It seems unsafe to do this.

    When I first installed the system it detected a new network
    192.168.1.0/255.255.255.0 I put this into the internet zone.

    Thanks for any and all replies.


    System:
    ZoneAlarm Pro version:7.0.302.000
    TrueVector version:7.0.302.000
    Driver version:7.0.302.000
    Anti-spyware engine version:5.0.162.0
    Anti-spyware signature DAT file version:01.200703.1145

    Windows XP pro sp2

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •