Results 1 to 10 of 10

Thread: 2 Alerts I recieved a day after getting Optimum Boost

  1. #1
    blueeyedfox Guest

    Default 2 Alerts I recieved a day after getting Optimum Boost

    Hello well I use to use Verizon Online DSL but it was so slow so
    I upgraded to Optimum Boost yesterday
    and Today these messages popped up, never got them before. Thanks.

    About an hour after I was watching a movie on my computer and I boxed it and about a minute or two into surfing the web it comes up again

    Update: Again, 3 alerts
    Operating System:
    Windows XP Home Edition
    Software Version:

    Product Name:
    ZoneAlarm Internet Security Suite


    Message Edited by BlueEyedFox on 12-17-2007 05:40 PM

    Message Edited by BlueEyedFox on 12-17-2007 08:13 PM

  2. #2
    blueeyedfox Guest

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    Got another one when I was watching a movie I zoomed out and I opened a browser and I was surfing for a minute and it popped up

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    <blockquote><hr>BlueEyedFox wrote:
    Got another one when I was watching a movie I zoomed out and I opened a browser and I was surfing for a minute and it popped up

    <hr></blockquote>

    Open the ZA Logs and lookup these alerts and see if the remote port is 53 and if the protocol is UDP.

    I suspect this is the correct dns server for cablevision.
    Do you the DNS server(s) listed as Trusted in the Zones of the Firewall of the Zone Alarm?

    Oldsod

    Message Edited by Oldsod on 12-17-2007 11:41 PM
    Best regards.
    oldsod

  4. #4
    blueeyedfox Guest

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    These happend 15 minutes ago, I looked up the alerts and only found the last 3
    First one is UDP port 1197 - Using program svchost.exeSecond one is UDP
    port
    1138 - Using program svchost.exeThrid one is UDP port 2576- No Program
    I don't see any DNS servers in the Trusted Zone



    Message Edited by BlueEyedFox on 12-17-2007 08:15 PM

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    The ports you mention/listed, I assume, are the local ports of the PC. What are the remote ports being attempted of this remote IP Address?

    Oldsod
    Best regards.
    oldsod

  6. #6
    blueeyedfox Guest

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    Arent you referring to the Ports I listed?
    I looked for more info and I got this
    &quot;ZoneAlarm Security Suite prevented your computer from accessing port 53 on a DNS server
    ZoneAlarm Security Suite prevented your computer from sending a message to a remote computer. No breach in your security has occurred.Your computer is safe. <a target="_blank">What happened?</a>

    ZoneAlarm Security Suite blocked an outbound communication to a Domain Name Server. The function of a Domain Name Server (DNS) is to convert a domain's IP address, such as 207.25.71.28, into a recognizable name, such as www.cnn.com.<a target="_blank">Should I be concerned?</a>

    There is usually no reason to worry about this alert, but it should be investigated. One possibility is that your application attempted to send a query out to the Internet before ZoneAlarm Security Suite started running on your machine at start-up time. By default, ZoneAlarm Security Suite is loaded when Windows first starts up. This minimizes the possibility that an application will establish an Internet connection before the TrueVector Service is loaded.<a target="_blank">What should I do?</a>

    Your internet application may not be not working properly. In that case, stop the application, then restart it. This often fixes the problem and in that case, you will not receive this alert again. In addition, go to the Configure panel to make sure that ZoneAlarm Security Suite is configured to load when Windows starts. You can also run regular checks on your machine for viruses and Trojan horses.

    In the logs it says in the describiton like this

    &quot;Package sent from (my computer) (UDP Port 1197) (one of the ports) to 167.206.254.2 (DNS) was blocked&quot; same thing, just diffrent UDP ports

    Message Edited by BlueEyedFox on 12-17-2007 08:24 PM

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    First of all just relax. The ZA has stopped connections and the PC is secured. But I think the alerts are caused just by a misconfiguration in the firewall.
    The ports you list are the "local ports" or the PC's ports and not the remote port (the accessed port of the remote IP); there is a difference when the port is your own port or the port of the remote server of the internet. These ports you have listed are common for windows and the supported software.
    Usually the 1-1000 range of local ports are very specific for window/internet connections and windows will use the entire range of 1-5000 of the local ports.
    The supported software (browsers, security updaters, updaters, etc) will usually use the 1000-5000 range of the local ports. But neither windows or supported software are limited to just the 1-5000 range. They can often use higher ports.


    The DNS server IP address(es) should be listed as Trusted in the Zones.
    Try this and reboot and see what happens with these alerts happening:

    Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc

    1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all[/b] then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
    2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
    3. Click OK and Apply. Then do the same for the DHCP server.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    Extra help is found at Guru Hoov site for the DNS/DHCP.

    Please post back with the changes made.
    Best regards, Oldsod
    Best regards.
    oldsod

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    Once you do the ipconfig /all (see my reply just below) and you see that IP address for the dns server matches the IP in the alerts, you should have no need to be overly concerned. I do suspect this is your legitimate dns server and there is no dns security issues. It should be added as trusted in the zones and the ZA alerts will stop.

    Oldsod
    Best regards.
    oldsod

  9. #9
    blueeyedfox Guest

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    The DNS servers we're the ones that kept coming up on my computer, so I added them to the trusted list
    I have the fallowing listed with the IPS
    DNSDNSDCHPLocal Hostand the subnet mask
    svchost.exe was already listed with &quot;super&quot; and trusted on everything except mail
    I don't think I will be having anymore problems, I just think it has to do with me switching ISP's because I just swtiched yesterday and wasnt on long, Well I'll let you know if anything changes.
    Thanks alot for your time and help, I really appericate it.

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: 2 Alerts I recieved a day after getting Optimum Boost

    BlueEyedFox

    That is nice to hear. Those are neccessary. The ZA was still going by the older and discarded DNS from before. Now it has the correct dns server and all is well.
    One more thing - make sure the svchost.exe does not have green check or allow for the Internet Server. It needs the trusted and internet acces and of course server for the trusted, but it does not need any internet server rights.

    Best regards
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •