
Thread: Am I secure?

  1. #1
    cactusgal Guest

    Default Am I secure?


  2. #2
    cactusgal Guest

    Default Re: Am I secure?

    Sorry - I hit the wrong key before.

    My question is about security information.
    It says that no intrusions have been blocked since installation; Inbound firewall has blocked 56868 access attempts.
    These figures have never changed.
    It makes me wonder if ZA free is doing its job.

    Any comments or suggestions would be appreciated.

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Am I secure?

    Hi

    By any chance did you check to see where the blocked incoming intrusions were coming from, and from which IP?

    Oldsod.
    Best regards.
    oldsod

  4. #4
    cactusgal Guest

    Default Re: Am I secure?

    No, sorry I didn't but will in the future.

    I am puzzled by another frequent alert that says: The Firewall has blocked internet access to (an IP address) from your computer. Can you explain that?

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Am I secure?


    <blockquote><hr>cactusgal wrote:
    No, sorry I didn't but will in the future.

    I am puzzled by another frequent alert that says: The Firewall has blocked internet access to (an IP address) from your computer. Can you explain that?
    <hr></blockquote>


    Something got blocked - again check out the alert and look at the logs in the Viewer. The exact details are all there to be examined.

    I suspect previously the ZA was misconfigured and either the DHCP or the DNS incoming connections were blocked. Or both.
    In which case this would explain the high number of incoming intrusions that were blocked by the ZA.
    Once you upgraded the ZA to the newer version, it has the newly added self configuration feature, and the correct DNS and DHCP addresses were automatically added as Trusted.
    This would explain the total of zero count for the latest ZA's blocked intrusion counts.


    Basic configuration is usually done as this:

    Make sure your DNS and DHCP server IPs are in your Firewall's Trusted zone. Finding DNS and DHCP servers, etc.

    1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(es) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
    2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s).
    3. Click OK and Apply. Then do the same for the DHCP server.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Programs list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    However the ZA free does instead show the network adapter with the correct IP. The above instructions are for the paid versions of the ZA. But the idea is the same.

    Oldsod.
    Best regards.
    oldsod

  6. #6
    cactusgal Guest

    Default Re: Am I secure?

    Thanks for your response.
    I'll check out the alert next time.

  7. #7
    cactusgal Guest

    Default Re: Am I secure?

    I just got another alert that said "Program Generic Host Process for Win 32 services.
    What's that?
    I also looked for more information which said:

    "A blocking alert to port 123 occurs if your computer is using the Network Time Protocol. If you have not specifically configured your computer to connect to a server on the Internet to check updated time and date functionality then there is a strong possibility your computer is infected with the Sobig.F worm. Use antivirus software with up-to-date virus definitions to scan your computer for malware. The virus scan should locate and neutralize the worm."

    I'm assuming I'd have my computer connected to a server on the Internet to update the time and date automatically so does that mean I might have the Sobig.F worm?
    And if so, how do I find out and get rid of it?

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Am I secure?


    <blockquote><hr>cactusgal wrote:
    I just got another alert that said "Program Generic Host Process for Win 32 services.
    What's that?
    I also looked for more information which said:

    "A blocking alert to port 123 occurs if your computer is using the Network Time Protocol. If you have not specifically configured your computer to connect to a server on the Internet to check updated time and date functionality then there is a strong possibility your computer is infected with the Sobig.F worm. Use antivirus software with up-to-date virus definitions to scan your computer for malware. The virus scan should locate and neutralize the worm."

    I'm assuming I'd have my computer connected to a server on the Internet to update the time and date automatically so does that mean I might have the Sobig.F worm?
    And if so, how do I find out and get rid of it?
    <hr></blockquote>
    Look here for the generic host process.

    Actually one of your assumptions is correct - the svchost.exe does require to allow incoming connections from the remote port 123 of the time server by UDP.
    Not a worm but a normal and accepted connection.
    Relax.
    The integrity of your windows is still intact.

    Probably one of the best things to do is enter the entire range of the time server being used by windows as Trusted in the Firewall and make sure then the svchost.exe does have the server rights for the Trusted.
    You will not have any more false starts and the time updater for windows will then go smoothly.

    Oldsod.
    Best regards.
    oldsod
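
An added example (not part of the thread, and not ZoneAlarm's own code) that tests the explanation given in posts #5 and #8: it reads the DNS and DHCP server addresses from `ipconfig /all` output and counts how many blocked inbound log entries were replies from those servers or from a time server on UDP port 123. The log field layout, the `FWIN` entry type, the function names and every address are assumptions constructed for the example.

```python
import re
from collections import Counter
# Constructed `ipconfig /all` excerpt; every address below is made up.
IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""
# Constructed log lines; assumed layout: type,date,time,src:port,dst:port,protocol
LOG = """\
FWIN,2008/03/01,09:00:01 -7:00 GMT,192.168.1.1:67,255.255.255.255:68,UDP
FWIN,2008/03/01,09:00:02 -7:00 GMT,203.0.113.53:53,192.168.1.20:1031,UDP
FWIN,2008/03/01,09:00:03 -7:00 GMT,203.0.113.54:53,192.168.1.20:1032,UDP
FWIN,2008/03/01,09:05:00 -7:00 GMT,198.51.100.7:123,192.168.1.20:123,UDP
FWIN,2008/03/01,09:06:00 -7:00 GMT,198.51.100.99:4444,192.168.1.20:445,TCP
"""

def servers(ipconfig_text):
    """Collect the DHCP and DNS server addresses listed by ipconfig /all."""
    found, current = {"DHCP": set(), "DNS": set()}, None
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*(DHCP|DNS) Servers?[ .]*:\s*(\S+)", line)
        if m:
            current = m.group(1)
            found[current].add(m.group(2))
        elif current == "DNS" and re.fullmatch(r"\s+[\d.]+\s*", line):
            found["DNS"].add(line.strip())  # extra DNS servers sit on their own lines
        else:
            current = None
    return found

def classify(log_text, known):
    """Count blocked inbound (FWIN) entries by the service they most likely belong to."""
    counts = Counter()
    for line in log_text.splitlines():
        f = line.split(",")
        if len(f) < 6 or f[0] != "FWIN":
            continue
        src_ip, _, src_port = f[3].partition(":")  # port is "" for port-less entries
        if src_ip in known["DHCP"] and src_port == "67":
            counts["dhcp-reply"] += 1
        elif src_ip in known["DNS"] and src_port == "53":
            counts["dns-reply"] += 1
        elif f[5] == "UDP" and src_port == "123":
            counts["ntp-reply"] += 1  # still confirm the source is your time server
        else:
            counts["other:" + src_ip] += 1
    return counts
```

Calling `classify(LOG, servers(IPCONFIG))` on the sample returns one DHCP reply, two DNS replies, one NTP reply and one unexplained source; only the `other:` entries need a closer look in the log viewer.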

  9. #9
    cactusgal Guest

    Default Re: Am I secure?

    OK, I'll do that.
    I had four Trojans several weeks ago and I'm gun shy. Thanks for putting my mind at rest!

    Many thanks, Oldsod,
    for all of your responses.

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Am I secure?

    You are welcome.
    Best regards.
    Oldsod.
    Best regards.
    oldsod
