Results 1 to 5 of 5

Thread: Anyone here run Zone Alarm Pro?

  1. #1
    wayneh Guest

    Default Anyone here run Zone Alarm Pro?

    If so I need to find out if it can be configured to block a "specific" incoming IP address. Occasionally my web site gets hammered and the log shows the destination as "Administrator". Someone is trying to get in where they don't belong. ZA free does not have the option and if Pro does I'll get it. If not does anyone know of any software that will do this?

    Thanks,

    Wayne

    Operating System:Windows XP Pro
    Software Version:
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: Anyone here run Zone Alarm Pro?

    Hi Wayne,I have ZA Pro installed and if I want to block a specific site, all I do is go into the Firewall Tab, to Zones, scroll down to the bottom of the page where it says ADD, click on ADD, another panel will open up with options such as IP Address, Host Site, etc. Click on IP Address and another panel will open up. It will either say Trusted or Blocked. So, if you are blocking a specific IP Address, make sure you change it to BLOCKED, then put in the IP Address, and some type of description of your choice. Then click on OK or APPLY. Then you are good to go.Hope this info has helped you, if not PLEASE post back, THANKS.SlyFox
    "Politeness costs nothing and gains everything".

    Click here for ZA Support

    Avail. 24x7 - Excl. Holiday













  3. Default Re: Anyone here run Zone Alarm Pro?

    Thanks, exactly the information I needed.
    Wayne

  4. #4
    watcher Guest

    Default Re: Anyone here run Zone Alarm Pro?

    Dear WayneH:

    I use ZAPRO as well but I prefer to use expert firewall rules as they are enforced prior to the Zone tab rules. Once I determine that the traffic is malicious, I create an expert firewall rule to block it and then no longer log it. This reduces the size of the firewall log and allows you to examine newer threats without wading through all the blocked traffic entries that are logged by default.

    Another consideration is how you block traffic. ZAPRO blocks all ports by default except the ones you or your system are using. However, all that traffic is then logged. ZAPRO blocks all unsolicited inbound connection attempts by default. If you want to use my method above and create an expert firewall rule for blocking a single IP address, that is fine if you are receiving multiple attempted connections for each Internet session from a single IP source. However, look in the Destination IP column socket address and see what port they are trying to connect to on your computer. You can block a LOT of traffic(multiple IP addresses) merely by creating an expert firewall rule that blocks any traffic attempting to connect to a specific port on your computer. A good way to harden your computer against attack is to create expert firewall rules to block the following ports: 135, 137, 139, 445, 1026, 1027, and 1028. This is assuming you don't use these ports. Then set the rules not to log this traffic. Hackers and multiple domains use these ports for their own purposes, none of which are beneficial to you. You will reduce the size of your firewall logs greatly. This allows you to concentrate on the remaining entries. This method is useful in a DDoS attack, one of which I am experiencing now. I have multiple domains currently trying to connect to port 9021 on my computer(over 50 entries right now and this attack started the moment I went on the Internet). Trying to create an expert firewall rule to block this traffic using IP addresses would take dozens of expert firewall rules as this attack is either from a botnet or someone is using forged IP address headers to initiate the connection attempts. However, if I create a single expert firewall rule to block port 9021, I will block ALL those entries. I do use IP address ranges to block traffic from Chinese and North Korean locations as this is most certainly malicious. Also, IP address ranges for IANA reserved IP addresses should be blocked as hackers like to forge these IP addresses to make connection attempts.

    Hope this helps.

    WATCHER

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Anyone here run Zone Alarm Pro?


    <blockquote><hr>WayneH wrote:
    If so I need to find out if it can be configured to block a "specific" incoming IP address. Occasionally my web site gets hammered and the log shows the destination as "Administrator". Someone is trying to get in where they don't belong. ZA free does not have the option and if Pro does I'll get it. If not does anyone know of any software that will do this?

    Thanks,

    Wayne

    Operating System:
    Windows XP Pro
    Software Version:

    Product Name:
    ZoneAlarm Pro

    <hr></blockquote>


    You could block the specific site(s) using a javscript for your web site's html.

    Something like this>

    http://www.java-scripts.net/javascripts/IP-Block.phtml

    If using a web host service, they should have site blocking features.

    Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •