Thread: updated and have question

  1. #1
    dweller Guest

    updated and have question

    I recently updated to 6.0.667.000 and soon afterward noticed my log is constantly receiving hits from 205.171.3.65, whereas it hits every port (denied) and once it runs through them all, starts all over again. It is constant as soon as i connect (dialup) and has been going on since update.

    About once a week, i get the following message from another firewall (sysgate) i installed to check this occurrence:

    The executable has changed since the last time you used: C:\WINNT\system32\ZoneLabs\vsmon.exe
    File Version : 6.0.667.000
    File Description : TrueVector Service
    File Path : C:\WINNT\system32\ZoneLabs\vsmon.exe
    Process ID : 0x598 (Heximal) 1432 (Decimal)

    Connection origin : local initiated
    Protocol : UDP
    Local Address : xxxxxxxx
    Local Port : 4179
    Remote Name :
    Remote Address : 205.171.3.65 <--- (same address as above)
    Remote Port : 53 (DOMAIN - Domain Name Server)

    Ethernet packet details:
    Ethernet II (Packet Length: 86)
    Destination: ba-3a-20-00-71-00
    Source: 00-00-0f-00-00-00
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 128
    Protocol: 0x11 (UDP - User Datagram Protocol)
    Header checksum: 0x2f7 (Correct)
    Source: xxxxxxxxx
    Destination: 205.171.3.65
    User Datagram Protocol
    Source port: 4179
    Destination port: 53
    Length: 8
    Checksum: 0x636a (Correct)
    Domain Name System (Query)
    Flags: 1
    Questions: 1
    Querys:
    zonelabs.com

    Binary dump of the packet:
    0000: BA 3A 20 00 71 00 00 00 : 0F 00 00 00 08 00 45 00 | .: .q.........E.
    0010: 00 3A 53 76 00 00 80 11 : F7 02 41 8F DD BE CD AB | .:Sv......A.....
    0020: 03 41 10 53 00 35 00 26 : 6A 63 11 4F 01 00 00 01 | .A.S.5.&jc.O....
    0030: 00 00 00 00 00 00 08 7A : 6F 6E 65 6C 61 62 73 03 | .......zonelabs.
    0040: 63 6F 6D 00 00 01 00 01 : 64 64 72 04 61 72 70 61 | com.....ddr.arpa
    0050: 00 00 0C 00 01 30 : | .....0

    ---------------------------

    so it appears my computer is initiating a response from that address due/since the update? Should this be happening, or how do i stop or correct it. The option is to let TrueVector Service access the internet, i usually choose No. I have no idea who it is.

    thanks for any info, i'd like to shut off this constant port pinging.

    dp

    Operating System:Windows 2000 Pro
    Product Name:ZoneAlarm (Free)

  2. #2
    dweller Guest

    Re: updated and have question

    lots of views, no comments?

    is this too technical a question for this forum?

    dp

  3. #3
    billc Guest

    Re: updated and have question

    From what you posted, I believe it is the Domain Name Server for Qwest Communications. Is Qwest your ISP by chance? My clues include..........

    205.171.3.65 PTR record: resolver1.qwest.net.
    Port 53 is typically used to convert between URLs and IP Addresses (DNS)
    A common network application that uses UDP is the Domain Name System

  4. #4
    dweller Guest

    Re: updated and have question

    no, not my isp, and i discussed this with them recently so they didn't offer any advice either.

    i still think this is connected to the updated za, since it started when i updated and has been constant ever since.

    any other advice?

    thanks
    dp

  5. #5
    billc Guest

    Re: updated and have question

    I re-read your first post and noticed you asking about TrueVector Service. This is the name of your ZA Firewall engine, also known as vsmon.exe. The IP belongs to Qwest based on a reverse lookup: look here. Nonetheless, it may be your firewall checking for updates because in so doing, a domain name will need to be resolved to an IP and Qwest seems to be providing that service. Do you think that makes sense? In any event, I do not think it is malicious.

  6. #6
    dweller Guest

    Re: updated and have question

    okay, thanks.
    I'll okay this contact to see if it will stop the port pinging by that address. Curious tho as to why updating would cause some remote dns to hit every port on my computer once i updated za...

    dp

  7. #7
    dweller Guest

    Re: updated and have question

    no go.
    I okayed the True Vector, and the hits just keep coming.

    i believe my only choice is to downgrade to my previous za version.
    dp
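
Added example, not part of any post in this thread: decoding the binary dump from post #1 in Python confirms it is one outbound DNS query for zonelabs.com sent to 205.171.3.65 on UDP port 53, consistent with the reading in posts #3 and #5. The helper name `parse_dns_query` and the variable names are assumptions made for this illustration.

```python
import struct

# Added example; helper names are illustrative. Hex bytes copied from post #1's dump.
DUMP = """
BA 3A 20 00 71 00 00 00 0F 00 00 00 08 00 45 00
00 3A 53 76 00 00 80 11 F7 02 41 8F DD BE CD AB
03 41 10 53 00 35 00 26 6A 63 11 4F 01 00 00 01
00 00 00 00 00 00 08 7A 6F 6E 65 6C 61 62 73 03
63 6F 6D 00 00 01 00 01 64 64 72 04 61 72 70 61
00 00 0C 00 01 30
"""

def parse_dns_query(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / UDP / DNS and return the first question."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet II frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if ip[0] >> 4 != 4 or proto != 17 or total_len > len(ip):
        raise ValueError("not a complete IPv4/UDP datagram")
    # Captured bytes past the IP total length are not part of the datagram.
    trailer = len(ip) - total_len
    udp = ip[ihl:total_len]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    dns = udp[8:ulen]
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    # Walk the length-prefixed labels of the first QNAME (starts after the 12-byte header).
    labels, pos = [], 12
    while dns[pos] != 0:
        if dns[pos] & 0xC0:
            raise ValueError("compressed name in question section")
        labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii"))
        pos += 1 + dns[pos]
    qtype, qclass = struct.unpack("!HH", dns[pos + 1:pos + 5])
    return {
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "src_port": sport, "dst_port": dport,
        "is_response": bool(flags & 0x8000),   # QR bit: 0 = query
        "recursion_desired": bool(flags & 0x0100),
        "questions": qdcount, "qname": ".".join(labels),
        "qtype": qtype, "qclass": qclass, "trailing_bytes": trailer,
    }

FRAME = bytes.fromhex("".join(DUMP.split()))
RESULT = parse_dns_query(FRAME)

if __name__ == "__main__":
    print(RESULT)
```

The IP header declares a 58-byte datagram inside an 86-byte capture, so the parser stops at the declared length and reports the remaining 14 bytes separately instead of treating them as part of the query.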
