Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

  1. #1
    nebulari Guest

    Default Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Ihave Zone Alarm 6,1. Strange thing happened today and it's still moving. :/ Usually I have about 50-90alerts per month but Yesterday my ip adres has been changed but it is not point,It's happens from time to time when my interent provider has some problems, Anyway strange thingis Today I have 1600 alerts, mosts incoming some routed, many different IP's and ports, desination the same mi new ip, port mostly 18688, protocol mostly UDP,and nowthey are coming really fast! about 1/2sececond I'm scared. What should I do ? What's going on ? Please Help me...here are samples

    "ZoneAlarm blocked traffic to port 18688 on your machine from port 40846 on a remote computer whose IP address is 83.16.52.50. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise."

    "ZoneAlarm blocked traffic to port 18688 on your machine from port 33029 on a remote computer whose IP address is 83.81.143.86. This communication attempt may have been a port scan, or simply one of the millions of unsolicited commercial or network control messages that are routinely sent out over the Internet. Such unsolicited messages are often called Internet background noise."

    "ZoneAlarm blocked traffic to port 18688 on your machine from port 44444 on a remote computer whose IP address is 68.1.251.240. ..."

    "ZoneAlarm blocked traffic to port 9898 on your machine from port 3546 on a remote computer whose IP address is 60.36.122.103. ..."

    "ZoneAlarm blocked traffic to port 18688 on your machine from port 21112 on a remote computer whose IP address is 84.139.78.78. ..."

    "ZoneAlarm blocked an incoming data packet that was addressed to port 18688 on another computer. The packet was either mistakenly or intentionally routed through your computer. The data packet was sent from port 44005 on a computer whose IP address is 81.234.171.203."

    And Now when I am ending to write this post is 2465 alerts already (((((((((((((

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:6.1

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Hi

    Sounds like your provider has given you a lousy IP.Maybe you inherited somebody's elses problems or previous connections. Lookup the addresses at:

    http://isc.sans.org/

    http://www.dnsstuff.com/

    http://ws.arin.net/whois

    If you haven't blocked the IP ranges in the ZA already, it should be done. The ranges to block are available at the lookup sites.

    What about getting a cheap router (SPI/NAT)? All of these unsolicted attempts will cease to appear with the router.And anybody other attempts to connect to your PC. The router should always show zero intrusions.

    Oldsod
    Best regards.
    oldsod

  3. #3
    socalreviews Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    As long as ZoneAlarm is blocking what is causing those alerts you should be fine. This is exactly what a firewall is suppose to do. It is possible that when your internet IP address changed you aquired an IP address that a previous computer had been using that could have been compromised by hackers. Maybe that other person who had the IP address before you had a virus or maybe you just got unlucky with that newer IP address since it might be the focus of internet port scans.

    However, most of that activity is probably just internet background noise but if it really bothers you what I would recommend you do is to purchase a basic inexpensive NAT (network address translation) router such as Netgear, D-Link, Linksys, etc.. I use and recommend the Linksys WRT54GL (with Linux based firmware and it is different than the new more common WRT54G model) router but most brands will work well for what you are trying to do. You add the router in between the modem and your computer. ZoneAlarm should detect the changes with your connection and automatically adjust. You can call your ISP or the router manufacturer if they offer the support for help with configuring the router and to help with any special configuration you need to make for your connection to work properly with the router. The router will block that unwanted activity that you are seeing with the ZoneAlarm alerts and the inbound alerts from the internet should go away. If they don't go away then something else is going on and I would recommend you check your computer for viruses, spyware, malware, etc. From your post though it sounds like this is all inbound activity from the internet and not outbound activity from your computer.

    You should realize that although a router is not required since you have ZoneAlarm for a software firewall, most people use NAT routers for an extra layered level of internet security and ZoneAlarm is designed to work well along with them. Since I do not know your level of computer knowledge or whether or not you already know all about routers I tried to make this reply as detailed as possible for you to understand. If you have any more questions about this or need help configuring ZoneAlarm after installing the router then simply post back in this forum for help.

    Message Edited by SoCalReviews on 08-22-2006 10:54 PM

  4. #4
    socalreviews Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Hi Guru Oldsod, I was in the process of posting a reply and didn't realize you had just replied before me. I read that you basically gave similar recommendations. BTW... I did run a few of those addresses through ARIN WHOIS (http://www.arin.net/whois/) and most of them were from the RIPE network based out of Europe. With one address that was mentioned I did the more detailed WHOIS lookup on RIPE and found that last address to be located in Krakow, Poland. It seems to belong to an ISP there since they own many IPs in that range. As you mentioned that range could just be blocked in the ZA firewall configuration but I still think the router is the solution of choice.

    Most newer routers including the one I am using (Linksys WRT54GL) have WAN filtering options to stealth the ports from scans including the Identity port 113 which used to be a problem in many older routers since that port use to respond as closed. I never bother with this anymore since I don't have the time or the need to know who is trying to scan the stealthed ports on my router.

    Message Edited by SoCalReviews on 08-24-2006 10:58 AM

  5. #5
    nebulari Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Ufff.... Today it's seems stoped Hovever I'm gonna buy this router as soon as possible cuz I like security and my data is for me priceless. Thank you guys very much for advice!!!

  6. #6
    socalreviews Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    You are welcome Nebulari! I wish you the best with your computing.



    Message Edited by SoCalReviews on 08-24-2006 10:57 AM

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Hi Guru SoCalReviews

    At least our recommendations coinincide and we are in agreement. I have often started a reply only to be beat to the post button.

    I just purchased a refurbished Netgear RP 614 v2, from the computer discount store down the street, for my neighbour. Regular price is 29.99 Canadian Dollars. All were ports stealthed (tested at grc.com). I did the usual setup by closing the BIOS, DCOM and IRC amd mIRC ports and disabled the remote login and the PnP ports and disabled the respond to ping. I am always amazed that the routers find the provided IP address immediately and do require very little effort to be good to go and be internet ready.

    Oldsod
    Best regards.
    oldsod

  8. #8
    socalreviews Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Oldsod,I like some of the older wireless "G" routers better than the newer MIMO or Pre-N routers. I tend to have less problems with the older wireless ones effecting the other 2.4 Ghz band devices I use around my place. The older non-wireless ones are good also as long as they have the WAN filtering and the Identity port 113 stealthed. The only Linksys routers I buy now are the Linksys WRT54GL models and I have purchased about eight of them for my own use and for other people. They also are compatible with third party firmware that turn them into little powerhouse wireless devices that are amazing (www.dd-wrt.com and linksysinfo.org) . I have read some negatives about the newer Linksys WRT54G v5 or later routers that have less RAM and use VxWorks OS instead of Linux for firmware but maybe Linksys will be working out the bugs for those in the near future. That refurbished Netgear you got for your neighbor sounds like it was a good deal and I am sure it will work great.

    -SoCal



    Message Edited by SoCalReviews on 08-24-2006 10:57 AM

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    SoCalReviews that a lot of info! Thanks for the insider views. I have heard as well that the Linux firmware is the better. Good to hear some news!

    Oldsod
    Best regards.
    oldsod

  10. #10
    nebulari Guest

    Default Re: Help! more than 1600 alerts during lasts hours! I don't know what's going on :(

    Hi, I am again. :8} I have one more question because I don't know exactly what router I need. I am connecting to the internet through radio network. I have Wireless PCI AdapterD-Link DWL-520+ and antenna on my roof. Will this Linksys WRT54GL-EU work with my wireless adapter. I'm not sure how it's working... oh! and THX again for your help!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •