Thread: ZA Suite and linksys wireless router,having problems...

  1. #1
    stinman Guest

    Hi all, my problem is that since I hooked up my Linksys WRT54G broadband router things have gone nuts! Let me say that I went online to my web-based page at Linksys to configure my router to shut off the wireless part; I just use it as a router with the 4 ports in the back. First of all, I could not hook it up on my PC which has ZA; I had to use my other XP Home as the first PC, and this one is the 2nd one on the router.

    I keep getting this in the firewall alert page: packet sent from 192.168.1.1 (udp port 4071) to 239.255.255.250 (udp port 1900) was blocked. Yesterday I got one of these every minute all day until I finally just blocked it. Of course the 192.168.1.1 is the ID of the first PC hooked to the router and mine is the same except for the last number. I went to the SmartDefense page, but unless a person has been dealing with these types of alerts, well, it is overwhelming. I just do not understand everything. I have learned a lot since getting the suite a few weeks ago. It says it could be a port scan, or a PC on my network trying to communicate; I have not tried to communicate PC to PC.

    Also, now the Generic Host Process for Win32 continues to be blocked, one of them anyway, I do not know which one. I have a Media Center PC which does a few other different connections than a regular XP Pro or Home from this process. I do have it set to super with trusted and internet. The OS firewall is blocking Windows Explorer from using the verclsid.exe process to launch another program, something like that. Is this bad? How do you tell the OS firewall to let something happen, if one was to need to? I know this is long, but I have got to learn all these things. I do not get any alerts, and the program never asks me anything, it just does it. Sometimes that is OK, but other times it is not. Thanks for taking the time to read all of this!

    ZA suite 7.0.337.0.0
    True vector 7.0.337.0.0
    Driver 7.0.337.0.0
    anti-virus eng 3
    anti-spy 50176.0
    anti spam 4918211

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    zaswing Guest

    Hello Stinman, and don't worry, a few settings and you'll be good to go. Overblocking is the issue.

    Your router's address is 192.168.1.1.
    Your computers cannot possibly have the same address.
    The alerts you see in ZA have to do with the computer trying to ask the router for new issue of IP and if that's blocked, you can't get a reasonable address.

    I doubt you need to make changes in the router since the Linksys defaults are usually good (other than the password which should be changed), but confirm that the range of IP addresses the router can issue excludes the router itself. The default is 192.168.1.100 to .254. Usually computers get .100, .101 etc. But you can set just about any range.

    Borrowing the instructions from Guru Oldsod here, since he wrote it so well:

    1. Go to Run, type in command, hit OK, and type ipconfig /all, then press Enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(es) listed out to the side.
    2. In ZA on your machine, on the Firewall>Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1.
    5. The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access, and it must have server rights for the Trusted Zone, but not the Internet Zone.

    At point 1, if you see that the IP address of the computer is indeed 192.168.1.1, the Network properties need a fix. If that happens, post your data here and someone will help.

  3. #3
    stinman Guest

    I wish I could say that I had not done that before, but I have. I did that before I even posted. This is the configuration:
    Ip address 192.168.1.1.xxx
    Dhcp servers 192.168.1.1
    default gateway 192.168.1.1
    dns servers 74.128.1.33
    subnet mask 255.255.255.0
    IP routing enabled no
    wins proxy enabled no
    That's it, all addresses are in the trusted zone. Today when I turned on my PC and looked at my ZA log, it read:
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RASMAN
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RasMan\Parameters-RegValueName-IpOutHighWatermark
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RasMan\Parameters-RegValueName-IpOutLowWatermark
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002-RegValueName-EnableForRas
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0002-RegValueName-EnableForRouting
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0003-RegValueName-EnableForRas
    RegistryKey-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D
    ASW,2007/09/07,00:18:54 -4:00 GMT,UltraVNC,RAT,Manual
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047185.dll
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047183.sys
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047182.dll
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047186.sys
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047200.dll
    File Name-C:\WINDOWS\inf\oem8.PNF
    ASW,2007/09/07,00:18:56 -4:00 GMT,WinKeeper,Other,Manual
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047077.sys
    ASW,2007/09/07,00:19:16 -4:00 GMT,Win32.Trojan.Dropper.Delf,Trojan,Manual
    File Name-C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP409\A0047198.exe
    AV/treatment,2007/09/07,00:32:34 -4:00 GMT,not-a-virus:RemoteAdmin.Win32.WinVNC.4,C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP404\A0044954.dll,Infected,Auto
    AV/treatment,2007/09/07,00:32:34 -4:00 GMT,not-a-virus:RemoteAdmin.Win32.WinVNC.4,C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP402\A0044933.exe,Infected,Auto
    AV/treatment,2007/09/07,00:33:02 -4:00 GMT,,C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP402\A0044933.exe,Scan Failed,Manual
    AV/treatment,2007/09/07,00:33:02 -4:00 GMT,,C:\System Volume Information\_restore{97C63A19-36EE-4E8A-82CF-9FF12A4EA1A2}\RP404\A0044954.dll,Scan Failed,Manual
    AV/scan,2007/09/07,00:33:02 -4:00 GMT,Multiple Files,Scan Completed,Manual
    AV/update,2007/09/07,16:14:48 -4:00 GMT,,Update Install Failed,Auto
    ZLUpdate,2007/09/07,16:15:50 -4:00 GMT,,,Manual
    AV/update,2007/09/07,16:16:22 -4:00 GMT,,Update Install Completed,Manual
    ZLUpdate,2007/09/07,16:16:46 -4:00 GMT,,,Manual
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2469,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2470,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2471,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2472,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2473,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2474,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2475,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2476,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2477,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2478,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2479,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2480,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2481,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2482,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2483,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2484,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2485,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2486,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2487,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2488,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2489,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2490,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2491,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2492,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2493,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2494,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2495,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2496,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2497,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2498,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2499,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2500,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:21:34 -4:00 GMT,192.168.1.1:2501,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2502,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2503,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2504,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2505,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2506,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2507,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2508,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2509,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2510,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2511,239.255.255.250:1900,UDP
    FWIN,2007/09/07,16:23:34 -4:00 GMT,192.168.1.1:2512,239.255.255.250:1900,UDP

    I know this is a lot of stuff to load here, but it goes on and on all the way to 192.168.1.1:3512,239.255.255.250:1900,UDP; this is the last part of one of those lines. I installed UBD4Win the other day to try to fix my mother's PC. I wanted to make a boot disk for her PC but ZA said that about 7 programs were not a virus but bad program or something; the site said that it would happen also in Bart's PE, same thing, so don't be alarmed about that part of the log. I hope, HA HA. What does this mean, all those numbers? The 2510, 2511, 2512 and so on, are these ports? Is this the router trying to communicate? Can anyone explain what is going on? I never had this trouble when I was hooked up direct, just the regular China scans, somewhere in Australia also and Canada; they were all blocked as well as these. I finally blocked this above also; if I don't it will go on forever! Thanks to all!

    Mark
    ZoneAlarm Security Suite version:7.0.337.000
    TrueVector version:7.0.337.000
    Driver version:7.0.337.000
    Anti-virus engine version:3
    Anti-virus signature DAT file version:20070904132000
    Anti-spyware engine version:5.0.176.0
    Anti-spyware signature DAT file version:01.200709.2375
    AntiSpam version:4.9.1.8211

  4. #4
    zaswing Guest

    You do have Generic Host process allowed as a server in the trusted zone, right?
    And you do have the loopback 127.0.0.1 in the trusted zone, right?

    xxx.xxx.xxx.xxx:25xx are port numbers the system assigns

    Stop, then disable SSDP and UPnP services in that order; that'll take care of these entries "FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2469,239.255.255.250:1900,UDP", which is multicast. Windows is doing it when those services run. And/or block multicast in ZA. No, it's not the router speaking.

    BartPE - is not a problem.
    UBD4Win - probably not a problem
    RasMan - do you really run remote access ?
    UltraVNC - might be related to the trojan
    Win32.Trojan.Dropper.Delf - is verrrrry suspicious. Do you have it, or traces thereof? Did ZA remove it? Is it still in the restore point files?

    Check this thread out
    http://forum.zonelabs.org/zonelabs/b...d=74889#M22459
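
The triage described in post #4, as an added example (not part of the thread and not ZoneAlarm code): it parses FWIN rows in the layout quoted above, separates blocked SSDP discovery multicast (239.255.255.250, UDP port 1900) from other blocked flows, and summarises each sender's bursts by count, interval and source-port range. The sample rows are constructed, and the TCP row's layout is an assumption.

```python
import csv
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

SSDP = ("239.255.255.250", 1900)  # SSDP/UPnP discovery multicast group, UDP port
# Constructed sample rows in the FWIN layout quoted in the thread (TCP row layout assumed).
SAMPLE_LOG = """\
FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2469,239.255.255.250:1900,UDP
FWIN,2007/09/07,16:17:32 -4:00 GMT,192.168.1.1:2470,239.255.255.250:1900,UDP
FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2471,239.255.255.250:1900,UDP
FWIN,2007/09/07,16:19:32 -4:00 GMT,192.168.1.1:2472,239.255.255.250:1900,UDP
FWIN,2007/09/07,16:20:05 -4:00 GMT,203.0.113.7:4500,192.168.1.100:445,TCP
AV/update,2007/09/07,16:14:48 -4:00 GMT,,Update Install Failed,Auto
"""

def split_endpoint(text):  # 'a.b.c.d:port' -> (ip, port); ValueError if malformed
    host, _, port = text.rpartition(":")
    return str(ip_address(host)), int(port)

def parse_fwin(log_text):
    """Yield (time, src_ip, src_port, dst_ip, dst_port, proto) for FWIN rows only."""
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 6 or row[0] != "FWIN":
            continue
        try:
            when = datetime.strptime(row[1] + " " + row[2].split()[0], "%Y/%m/%d %H:%M:%S")
            src, dst = split_endpoint(row[3]), split_endpoint(row[4])
        except (ValueError, IndexError):
            continue  # skip rows that do not match the assumed layout
        yield (when, *src, *dst, row[5])

def triage(log_text):  # returns (per-sender SSDP burst summary, other blocked flows)
    bursts, other = defaultdict(lambda: defaultdict(list)), []
    for when, src_ip, src_port, dst_ip, dst_port, proto in parse_fwin(log_text):
        if proto == "UDP" and (dst_ip, dst_port) == SSDP:
            bursts[src_ip][when].append(src_port)  # group packets by log timestamp
        else:
            other.append((src_ip, dst_ip, dst_port, proto))
    summary = {}
    for src_ip, by_time in bursts.items():
        times = sorted(by_time)
        ports = [p for t in times for p in by_time[t]]
        gaps = sorted({int((b - a).total_seconds()) for a, b in zip(times, times[1:])})
        summary[src_ip] = {"packets": len(ports), "bursts": len(times),
                           "gap_seconds": gaps, "port_range": (min(ports), max(ports))}
    return summary, other

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Rows left in the second list are the ones worth reading individually once the periodic discovery traffic has been set aside.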
