
Thread: Zone Client going out to non ZA address

  1. #1
    allanku Guest

    Default Zone Client going out to non ZA address

    XP SP2. ZA free edition, DSL. Checked Logs and Alerts and saw that zclient.exe went out to an address which was not Zone Labs, nor my ISP. Action was Allowed (once). Is this an indication of a problem? Should ZA be contacting any non Zone Lab sites, other than perhaps my ISP as mentioned in another post I read?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Client going out to non ZA address

    Hi and welcome to the Zone Alarm users forum!

    What is the address that the zclient.exe went to?

    Oldsod
    Best regards.
    oldsod

  3. #3
    allanku Guest

    Default Re: Zone Client going out to non ZA address

    Yesterday it went to 69.31.86.65:53, today 80.67.72.198:53

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Client going out to non ZA address

    Hi

    Is the DNS Client on in the Services? Do you have the DNS servers of your provider as Trusted in the Zones in the Zone Alarm? What about a DNS flush using ipconfig /flush - details about this procedure at microsoft.com

    http://207.46.19.60/technet/itsoluti...fund_ch07.mspx

    It may be okay.

    80.67.72.198 is Akamai Technologies, a server used by Microsoft and Zone Labs.

    69.31.86.65 is Pilosoft and part of nLayer Communications.

    Lookup at:

    http://isc.sans.org/

    http://www.dnsstuff.com/

    http://www.checkdomain.com/

    http://www.arin.net/whois/

    Oldsod
    Best regards.
    oldsod

  5. #5
    allanku Guest

    Default Re: Zone Client going out to non ZA address

    DNS Client services on. DNS Servers were in Trusted Zone when this traffic happened. I switched them to Internet Zone later just to see what effect that had on anything - none that I can see. Saw nothing alarming in DNS Cache, flushed it anyway. Checked addresses on one of the lookup sites you gave as well as with a utility I have. Nothing alarming there either. Is there some reason ZA would be using 69.31.86.65?

    Thanks for the very quick and informative replies.

    Allan

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Client going out to non ZA address

    Hi Alan

    The understanding that the PC has two-way traffic with port 53 of the provider's DNS servers is correct. Inbound traffic into the PC from other servers' port 53 is usually not a desired event. It would be the indication of DNS spoofing and this usually would be a hacker and usually is tried on more prosperous LANs such as civil or industrial LANs.

    I used my "secret" site to check out the IP 69.31.86.53. Still nothing unusual, but it would not be a bad idea to keep them blocked in the ZA.

    http://fixedorbit.com/search.htm

    Oldsod
    Best regards.
    oldsod

  7. #7
    allanku Guest

    Default Re: Zone Client going out to non ZA address

    Oldsod,

    I am using the free version of ZA, no option to Block URL, only Internet or Trusted Zones. I assume the Block Zone exists only in the paid version. Also note that this was not inbound traffic, but was outbound. Thought that the Destination DNS for 69.31.86.65 referred to a porn site, but I cannot verify this as the log file does not seem to have this information in it. Destination DNS for 80.67.72.198 is shown as a1815.g.akamai which does agree with whois.

    Regards,
    Allan

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Client going out to non ZA address

    Hi Alan!

    Sorry for getting mixed up - serves me right for cooking, watching the documentaries on TV, browsing the internet and checking up on the forum all at the same time.

    They seem innocent enough and not related to malware, and also if the PC comes clean and has no strange processes in the Task Manager, and there have been no risks of late, then you are probably okay.


    As for the blocking of sites try the Protowall from bluetack.com.uk or

    http://www.bluetack.co.uk/modules.ph...howpage&pid=13

    This is a heavy duty method to block sites for the P2P users, but can be easily used for blocking entire ranges of whomever you wish! If you do try this please check out the installation instructions because the driver in the NIC does require a simple trick to make it work. Plus the Blocklist converter page does have additionally good block lists for the security minded users. And of course sites and ranges can be entered manually, when the Protowall is off, and just reboot when finished. No internet traffic is allowed either inbound or outbound using this freeware software. Check out the site if you think this is a viable method of security.

    Alternate methods of site blocking are the router itself and the Host File.

    The simple and easy approach using the Host File:

    Open C:\WINDOWS\system32\drivers\etc and select the Hosts File. Uncheck "Read Only" in the Properties, click Apply and OK. Then using Notepad, open the Hosts File and enter the sites (after the 127.0.0.1 local host), as example:

    127.0.0.1 (space) anywhernetworks.com

    and include all other undesired sites as 127.0.0.1 and the URL. When finished, close Notepad and say yes to the changes, then enter the Properties and reset Read Only, click Apply and OK, and reboot. This will prevent outbound traffic flows to the sites. This is an effective method for ad blocking and malware blocking as well.

    http://en.wikipedia.org/wiki/Hosts_file

    Also, if you wish to pursue more blocking via the Host File then check out the MVPS site for a good start in this direction or

    http://www.mvps.org/winhelp2002/hosts.htm

    Take care

    Oldsod
    Best regards.
    oldsod
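
An added example, not part of the original posts: a small Python audit of a hosts file edited as described in post #8, listing which names are actually pointed at a loopback or null address. It also shows that hosts entries match exact names only, so subdomains and connections made straight to an IP address (like the port 53 destinations in this thread) are unaffected. The sample file and its `example.*` names are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file (placeholder names, not taken from the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocked by hand
127.0.0.1 tracker.example.net Metrics.Example.NET
0.0.0.0         banner.example.org
192.168.1.10    fileserver
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry, lower-casing names."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        for name in fields[1:]:                  # one line may carry several names
            entries.setdefault(name.lower(), ip) # keep the first entry seen
    return entries

def _is_sink(ip):
    return ip.is_loopback or ip.is_unspecified   # 127.0.0.0/8, ::1, 0.0.0.0, ::

def blocked_names(entries):
    """Names pointed at a loopback/null address, excluding localhost itself."""
    return sorted(n for n, ip in entries.items()
                  if _is_sink(ip) and n != "localhost")

def is_blocked(entries, host):
    """Exact-match lookup: the hosts file has no wildcard or subdomain matching."""
    ip = entries.get(host.lower().rstrip("."))
    return ip is not None and _is_sink(ip)

if __name__ == "__main__":
    e = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_names(e))
    for h in ("ads.example.com", "www.ads.example.com", "80.67.72.198"):
        print(h, "->", is_blocked(e, h))
```

To audit a real machine, pass the contents of the hosts file under `drivers\etc` to `parse_hosts` instead of `SAMPLE_HOSTS`.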

  9. #9
    allanku Guest

    Default Re: Zone Client going out to non ZA address

    Oldsod,

    Thanks for all the help, sorry to interrupt your cooking etc. You have put my mind at ease, and I will read the alert popups more closely before I allow any program to access the internet. If I get nervous I may just implement some of the blocking methods you suggested.

    Thank you again for all your help.

    Allan
