
Thread: Somethings or someones trying to get in?

  1. #1
    zauserlaw Guest

    Default Somethings or someones trying to get in?

    i just clicked za's high alert button so i could see what or who has been trying to connect.
    i just wanted high alerts shown and that is working fine.
    i noticed that my isp assigns me an ipa of xx.xxx.xx.??? and changes the last three every time i log on. i wanted za to alert me because i noticed that !!.!!!.!!.!!! (which is the same address as mine except for the last 3 numbers) continues to try and connect with me on different ports and coming from a different address (see above) thru netbios.
    every time i log on i get all these alerts, almost as if they're waiting for me.
    i restricted xx.xxx.xx.1 to xx.xxx.xx.200 and for some reason that slowed the alerts down some but they still come and the alert will show from 2 to 8 attempts, different last 3 numbers and different ports.
    za details and/or whois can't tell me anything except that it's an IANA restricted and someone is probably spoofing. anyone got any ideas or have i done all that i should?


    Operating System:Windows ME
    Product Name:ZoneAlarm Pro
    Software Version:6.1

  2. #2
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: Somethings or someones trying to get in?

    Hi

    What are these addresses of the attacking addresses and the ports?

    Oldsod
    Best regards.
    oldsod

  3. #3
    zauserlaw Guest

    Default Re: Somethings or someones trying to get in?

    hi olsod, thanks for responding.
    72.236.43.x.
    x=anywhere between 1 & 200
    destination port my machine=139 and a couple of others i don't remember, most if not all 139 though.
    source ip ports= 3006, 2902, 3418, 3302, 1740, 1564, 1121, 1085, 1053, 2046, 1661, 1835, 1589, 1565, 1533, 1485, 1458, 1431, etc., etc.
    is that enough info?

  4. #4
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: Somethings or someones trying to get in?

    Port 139 TCP is the netbios-ssn or in other words one of the NetBIOS ports.

    NS1.TELCOVE.NET. is the authoritative nameserver for 43.236.72.in-adr

    Rocky Point, North Carolina
    TelCove, Inc. TELCOVE-KMC (NET-72-236-0-0-1)
    72.236.0.0 - 72.237.255.255
    Local Net TELCOVE-KMCFYVI-LOCAL (NET-72-236-43-0-1)
    72.236.43.0 - 72.236.43.255

    Your internet provider is pinging your PC and probably just keeping in touch with the modem and PC.

    To fix this just enter the DNS server(s) and DHCP server addresses as Trusted in the Zones of the Firewall of the ZA.
    Do it this way:

    1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1
    5. The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://www.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    To close the NetBIOS port 139 permanently in the PC, then just do this:

    Try to close all ports and shares
    -> Control Panel
    --> Network and Internet connections
    ---> Network connections
    ----> Select connections and right click on them
    -----> Properties
    ------> Select all other items (one by one) than: TCP/IP
    -------> Uninstall
    ------> Select: TCP/IP
    -------> Properties
    --------> Advanced
    ---------> WINS
    ----------> Remove: Enable LMhosts lookup
    ----------> Select: Disable Netbios over TCP/IP
    ---> Repeat the procedure on all other connections too

    How is that?

    Oldsod

    Message Edited by Oldsod on 01-11-2007 09:43 PM
    Best regards.
    oldsod
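The pattern discussed in posts #3 and #4 (repeated inbound attempts on port 139 from addresses in the same 72.236.43.x range, each with a different source port) can be tallied from a firewall log rather than read alert by alert. The following is an added example, not part of the thread and not ZoneAlarm code; the comma-separated log layout, the sample lines and the function names are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample lines (not from the thread), in an assumed layout:
# action,date,time,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2007/01/11,20:01:05,72.236.43.17:3006,72.236.43.150:139,TCP
FWIN,2007/01/11,20:01:09,72.236.43.17:3007,72.236.43.150:139,TCP
FWIN,2007/01/11,20:03:12,72.236.43.121:1740,72.236.43.150:139,TCP
FWIN,2007/01/11,20:04:55,72.236.43.121:1741,72.236.43.150:445,TCP
FWIN,2007/01/11,20:06:30,198.51.100.9:4411,72.236.43.150:139,TCP
FWOUT,2007/01/11,20:07:02,72.236.43.150:1030,192.0.2.53:53,UDP
garbled line without enough fields
"""

NETBIOS_PORTS = {137, 138, 139}
LOCAL_NET = ipaddress.ip_network("72.236.43.0/24")  # range quoted in post #4

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (ip address, int); ValueError if malformed."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def summarise(log_text, local_net=LOCAL_NET):
    """Count blocked inbound NetBIOS attempts per source, split by locality."""
    per_source = Counter()
    src_ports = defaultdict(set)  # ephemeral client ports, expected to vary
    skipped = 0
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            skipped += 1
            continue
        if fields[0] != "FWIN":  # only blocked inbound entries
            continue
        try:
            src, sport = split_endpoint(fields[3])
            _, dport = split_endpoint(fields[4])
        except ValueError:
            skipped += 1
            continue
        if dport not in NETBIOS_PORTS:  # the destination port names the service
            continue
        per_source[src] += 1
        src_ports[src].add(sport)
    same_net = {str(ip): n for ip, n in per_source.items() if ip in local_net}
    other = {str(ip): n for ip, n in per_source.items() if ip not in local_net}
    return {"same_net": same_net, "other": other, "skipped": skipped,
            "src_ports": {str(ip): sorted(p) for ip, p in src_ports.items()}}
```

Many distinct sources inside the same provider range, each hitting only port 139 from a changing source port, is the grouping to look for in the `same_net` result.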

  5. #5
    zauserlaw Guest

    Default Re: Somethings or someones trying to get in?

    hello and thank you again for your replies, oldsod.
    i have the other addresses listed but not the generic host process? or svchost.exe?
    what are they?
    i did the lookup of dns and dhcp this is what it looks like:
    (i can't tell the heading)




    physical address. . . . . . . : 00-00-00-00-00-00
    dhcp enabled. . . . . . . . . : no
    ip address. . . . . . . . . . : 3.0.0.0
    subnet mask . . . . . . . . . : 255.255.255.255
    default gateway . . . . . . . :
    primary wins server . . . . . :
    secondary wins server . . . . :
    lease obtained. . . . . . . . :
    lease expires . . . . . . . . :

    2 ethernet adapter:
    description . . . . . . . . . : ppp adapter.
    physical address. . . . . . . : x-x-x-x-x-x
    dhcp enabled. . . . . . . . . : yes
    ip address. . . . . . . . . . : 72.236.x.x
    subnet mask . . . . . . . . . : 255.0.0.0
    default gateway . . . . . . . : 72.236.x.x
    dhcp server . . . . . . . . . : 255.255.255.255
    primary wins server . . . . . :
    secondary wins server . . . . :
    lease obtained. . . . . . . . :
    lease expires . . . . . . . . :

    Try to close all ports and shares
    -> Control Panel
    --> Network and Internet connections
    just says network.
    ---> Network connections
    ----> Select connections and right click on them
    -----> Properties
    ------> Select all other items (one by one) than: TCP/IP
    has 7 entries.
    client for microsoft networks, ethernet controller, dial-up adapter, microsoft tv/video connection and tcp/ip b4 those last 3 connections, ex. tcp/ip-> dial-up adapter.
    -------> Uninstall
    uninstall all except the last 3 or all?
    ------> Select: TCP/IP
    -------> Properties
    gateway, wins configuration, ip address, bindings, advanced, netbios (has i want to enable netbios over tcp/ip checked and greyed out), dns configuration.
    --------> Advanced
    ---------> WINS
    wins doesn't come up under advanced in either of the tcp/ip's, what does is property: allow binding to atm, value: no
    ----------> Remove: Enable LMhosts lookup
    i don't see this.
    do i see after uninstalling earlier?
    ----------> Select: Disable Netbios over TCP/IP
    ---> Repeat the procedure on all other connections too
    thanks again!




    Edited by Oldsod

    Message Edited by Oldsod on 01-12-2007 06:33 PM

  6. #6
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: Somethings or someones trying to get in?

    http://www.dnsstuff.com/tools/whois.ch?ip=3.0.0.0

    or

    OrgName: General Electric Company
    OrgID: GENERA-9
    Address: Internet Registrations
    Address: 3135 Easton Turnpike
    City: Fairfield
    StateProv: CT
    PostalCode: 06828-0001
    Country: US

    NetRange: 3.0.0.0 - 3.255.255.255
    CIDR: 3.0.0.0/8
    NetName: GE-INTERNET
    NetHandle: NET-3-0-0-0-1
    Parent:
    NetType: Direct Assignment
    NameServer: NS.GE.COM
    NameServer: NS1.GE.COM
    NameServer: NS2.GE.COM
    Comment:
    RegDate: 1988-02-23
    Updated: 2002-09-26

    RTechHandle: GET2-ORG-ARIN
    RTechName: General Electric Company
    RTechPhone: +1-203-373-2962
    RTechEmail: *********@ge.com

    OrgTechHandle: GET2-ORG-ARIN
    OrgTechName: General Electric Company
    OrgTechPhone: +1-203-373-2962
    OrgTechEmail: *********@ge.com

    Yes you are right. Just disable the microsoft networks or uninstall it. Leave the rest alone, and if uninstalled, then use the install button and replace these.

    Oldsod
    Best regards.
    oldsod

  7. #7
    zauserlaw Guest

    Default Re: Somethings or someones trying to get in?

    sorry for delay oldsod, went away for little while. did everything u said.
    microsoft networks deleted and the greyed out area showed up not greyed out and i unchecked it. what does the web address and the other paragraphs below them mean?
    looks like whois.
    i went to the site but i wasn't really understanding what i was to learn here. while i am not a novice; i am definitely overwhelmed by all i do not know and i really appreciate your expertise and willingness to help. 1 last question.
    why would my isp try to connect so hard and for so long?
    i'm always connected unless i terminate the connection (dialup).
    so what's the big deal?

  8. #8
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: Somethings or someones trying to get in?

    Call your provider up on the phone. Ask them what the DNS servers and the DHCP server addresses are. Record the DNS in the WINS of the Network Properties and add the DNS and the DHCP servers in the ZA Zones as Trusted. This will get the correct addresses and straighten out the questions and problems.

    That GE address is not a DNS lookup. Do you use a GE modem or GE router or any GE on the PC?

    You are right and this relates to your last question- there is a DNS lookup issue and the proper DNS addresses in the XP OS and in the ZA will fix this.

    Also are you connected to an office server or using VOIP or VPN?

    Oldsod

    Message Edited by Oldsod on 01-16-2007 05:52 PM
    Best regards.
    oldsod

  9. #9
    zauserlaw Guest

    Default Re: Somethings or someones trying to get in?

    Call your provider up on the phone. Ask them what the DNS servers and the DHCP server addresses are. Record the DNS in the WINS of the Network Properties and add the DNS and the DHCP servers in the ZA Zones as Trusted. This will get the correct addresses and straighten out the questions and problems.
    1. roger, will do, get back to you on this.

    That GE address is not a DNS lookup. Do you use a GE modem or GE router or any GE on the PC?
    2. use conexant hcf v90 modem.
    not connected with ge i don't think.

    You are right and this relates to your last question- there is a DNS lookup issue and the proper DNS addresses in the XP OS and in the ZA will fix this.
    3. using winme.
    that doesn't change anything, right?

    Also are you connected to an office server or using VOIP or VPN?
    4. not that i know of,
    but my wife took the computer to a shop while i was in fl in 2005 and when i came back i noticed there was an unknown device in device management and i deleted it but every time the computer starts up it detects this new device and wants to install.
    lazy me hasn't opened up the computer to see what if anything i could see, not even to clean, so must be time for that.
    thank you.
    thank you.

  10. #10
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: Somethings or someones trying to get in?

    Hi

    The reason I said to get in touch with the provider for the DNS and DHCP was just to make there are mistake made.

    Okay the GE DNS connection is very incorrect then. Something is wrong with this.

    No difference from the Win ME and the XP. Same rules and internet applies.

    Just checking about the VPN so there are no curve balls thrown. Maybe a good idea to check out the unknown device and see what it is really all about.

    Oldsod
    Best regards.
    oldsod
