
Thread: zlclient allowed to access various port 53

  1. #1
    riptx Guest

    zlclient allowed to access various port 53

    I noticed in my Zone Alarm (free) firewall log that zlclient.exe is being given permission to access port 53 on various and different computers from day to day.
    I copied the IP address listed in the log as the port 53 contact and some of the DNS names I looked up to give you a sample of what I'm seeing.

    - 84.53.144.8:53 ripe.net in Amsterdam
    - 24.242.155.50:53 www.texas-bass.com
    - 207.27.253.17:53 newsdrive.fishingworld.com
    - 165.91.107.139:53 eit.tamu.edu
    - 206.165.245.50:53 images.postdirect.com
    - 68.120.74.254:53 68-120-74-254ded.pacbell.net
    - 209.67.27.16:53 amch.questionmarket.r3h.net
    - 207.46.236.25:53 ad.spynet.microsoft.akadns.net

    Why is a Zone Alarm client sneaking off on its own to various computers? Some I recognize, others I don't. I'm unsure whether to be suspicious about it. I don't recall giving zlclient.exe any permissions. I see where a Zone Alarm program (called Zone Labs Client) is a permission program, among a couple other Windows operating system programs, on the dashboard next to the unlock icon.
    Thanks for your advice. -ray

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm (Free)
    Software Version: 6.1

  2. #2
    riptx Guest

    Re: zlclient allowed to access various port 53

    In some cases I listed the DNS name supplied by the log as the destination. As I continued to research this, I noticed an IP number may connect to something else, confusing me even more.
    -ray

  3. #3
    riptx Guest

    Re: zlclient allowed to access various port 53

    Today, after shutting down my computer and restarting, I noticed that the zone lab client program icon was not next to the two windows operating system program icons by the unlock on the dashboard.

    I'm wondering if Zone Alarm may go out to check something under certain conditions and give itself permission to do so. I may have missed a simple explanation somewhere when I looked through the forum and the help files.

    My zlclient.exe has not made an attempt to access port 53 on any computers for 8 hours now after starting the computer. The last attempt was yesterday almost 23 hours ago near 7pm, when it accessed ripe.net over in Amsterdam. -ray

  4. #4
    leonp Guest

    Re: zlclient allowed to access various port 53

    Program Name
    Zone Labs Client

    Filename
    zlclient.exe

    Remote Port 53

    Remote IP Address
    62.38.5.235
    The IP address of the remote computer that caused the alert.



    zlclient.exe connects to that IP all the time.
    The IP belongs to my ISP (HOL) and it is not the DNS server.
    Why does it need to do that?

  5. #5
    learner2020 Guest

    Re: zlclient allowed to access various port 53

    ZA should only be accessing port 53 outbound to your ISP's DNS servers.

    Call ISP just in case.

  6. #6
    riptx Guest

    Re: identifying actual dns server for comparison to ZA client contact

    A reason I expressed concern is that Zone Alarm is giving this client program outbound permission to access a dns port on "various" computers, and none appear to be related to the Cox Cable network (isp).

    Calling Cox Cable (isp) to ask if they are using random dns servers sure seems like a stretch. Wouldn't an isp use one maybe two consistent servers in their domain for dns, not a new one anywhere in the world each day?

    Is there a way to identify the actual ip number of my assigned dns server each day? Perhaps I'm somehow getting reassigned to various random computers daily which seems suspicious too. -ray

  7. #7
    riptx Guest

    Re: used ipconfig and router stats, ZA client accessing unauthorized dns servers

    So I did some research...

    I used the ipconfig commands (ipconfig /all and ipconfig /displaydns) to see what windows was using for dns and see what dns were recently resolved.

    My router is my dns address. So, I had to sign onto my router to see what it was using via dhcp with the isp. It listed three dns servers assigned, all related to the isp, and all responding to pings.

    I also looked through the recently resolved addresses cache to see what ip numbers were there. Perhaps some recent ip lookups were threading into the ZA client somehow.

    None of the addresses had anything to do with the port 53 contacts made by the ZA client.

    It appears that my last update of Zone Alarm (6.1.744.001) is giving itself permission to make dns contacts with servers that are not the current dns servers used via my dhcp connection. Maybe the log is not accurate?

    Well fellow ZA users, with so little response here from ZA experts, sounds like they are confused by what the new ZA is doing too. Or, do I have a corrupt version? Is this only my particular ZA, perhaps hacked somehow? I'm using a brand name virus scan, it's not seeing a virus, and the ZA firewall is not catching the penetration if my particular ZA client is hacked.
    So confused and feeling so alone here. -ray
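
The comparison carried out by hand in post #7, as an added example (not code posted by anyone in the thread): it reads the resolvers out of `ipconfig /all`, adds the upstream servers shown by the router, and reports logged port 53 destinations that match neither. The `ipconfig` text, the router list and the `ip:port` entry format are assumptions; only the first three logged addresses are quoted from post #1.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are placeholders.
IPCONFIG_ALL = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.10
        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            198.51.100.53
        Lease Obtained. . . . . . . . . . : Monday, January 02, 2006 7:00:00 PM
"""
# Constructed: upstream resolvers read off the router's DHCP status page.
ROUTER_UPSTREAM = ["198.51.100.53", "198.51.100.54", "203.0.113.53"]
# Destinations in the ip:port form used in post #1. The first three are quoted
# from that post; the rest are constructed.
LOGGED = ["84.53.144.8:53", "24.242.155.50:53", "207.46.236.25:53",
          "192.168.0.1:53", "198.51.100.54:53", "192.168.0.1:80"]


def configured_resolvers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    found, in_dns = set(), False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        more = re.fullmatch(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*", line)
        if first:
            found.add(ipaddress.ip_address(first.group(1)))
            in_dns = True
        elif in_dns and more:  # continuation line: additional resolver
            found.add(ipaddress.ip_address(more.group(1)))
        else:
            in_dns = False
    return found


def unexpected_dns_destinations(logged, allowed):
    """List port-53 destinations that are not in the allowed resolver set."""
    hits = []
    for entry in logged:
        host, _, port = entry.rpartition(":")
        if port == "53" and ipaddress.ip_address(host) not in allowed:
            hits.append(host)
    return hits


def audit():
    """Run the comparison on the sample data above."""
    allowed = configured_resolvers(IPCONFIG_ALL)
    allowed |= {ipaddress.ip_address(a) for a in ROUTER_UPSTREAM}
    return unexpected_dns_destinations(LOGGED, allowed)
```
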
