Thread: Constant stream of incoming blocked alerts

  1. #1
    gnazt Guest

    Constant stream of incoming blocked alerts

    Mainly UDP, only on 1 of 3 computers in the home network.
    Ran Ad-Aware and my antivirus (NOD).
    Every source IP is different and I've looked them up in whois.
    Any ideas on what I can do to stop it or what it may be?
    Regards
    Des

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Constant stream of incoming blocked alerts

    Make sure your DNS and DHCP server IPs are in your firewall's Trusted zone. Finding DNS and DHCP servers, etc.:

    1. Go to Run, type in command, hit 'OK', and type ipconfig /all, then press Enter. In the returned data list will be a line for DNS and DHCP Servers with the IP address(es) listed out to the side.
    2. In ZA on your machine, on the Firewall>Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply and see if that works to fix it.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    http://zonealarm.donhoover.net/dnsdhcp.html

    Oldsod
    Best regards.
    oldsod

  3. #3
    watcher Guest

    Re: Constant stream of incoming blocked alerts

    Dear gnazt:

    Please check your firewall log and note the port numbers they are trying to connect to on your PC, located in the Destination IP column. You can go to IANA's website to look up the port number and what services use it or Google it.

    Now, click the More Info button in the lower right of the Log Viewer tab with the event selected. This will activate CheckPoint's Online SmartDefense Advisor, using your browser. The Overview tab will give you a short explanation re what happened for this event and then click the Hacker ID tab to find out who's trying to connect to your computer. Personally, I have all these Chinese sites trying to connect to my computer for spam and other malicious purposes. The Hacker ID tab will give you the IP range for these sites which you should write down.

    Once done, create expert firewall rules to block this traffic by clicking Firewall panel, Expert tab. Expert firewall rules are processed before the Zone rules. You could also do the same in the Zones tab by adding the IP range to the Blocked zone but, again, using expert firewall rules offloads the malicious traffic before the Zone rules are applied. Once I determine traffic is malicious, I block the IP range and no longer log it, as I have identified it already as malicious and I have fewer log entries to analyze in the future. Using this method, and blocking the worst offenders first, your logs will be much more manageable and you spend less time reviewing them. Don't try and do all of them in one night. Do like 1/day, removing the malicious sites that generate the most entries first, and before long you will have fewer and fewer entries to analyze.

    If you choose to do nothing, however, you are still protected. ZAPRO performs stateful packet inspection so all unsolicited traffic will still be blocked. You'll just have all those entries listed in your firewall log because, by default, it logs all blocked traffic.

    Hope this helps.

    WATCHER
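
The log triage described in post #3 (note the destination ports, then deal with the sources that generate the most entries first), as an added example that is not part of any post in this thread. It assumes the firewall log has been saved as comma-separated text with the fields type, date, time, source, destination and transport; that layout, the function names and every sample line and address below are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample lines; the comma-separated layout (type, date, time,
# source, destination, transport) is an assumption about the text log format.
SAMPLE_LOG = """\
FWIN,2007/03/01,20:14:02 -5:00 GMT,203.0.113.7:40112,192.168.1.10:1026,UDP
FWIN,2007/03/01,20:14:09 -5:00 GMT,203.0.113.91:33810,192.168.1.10:1026,UDP
FWIN,2007/03/01,20:15:30 -5:00 GMT,198.51.100.23:51200,192.168.1.10:1027,UDP
FWIN,2007/03/01,20:16:44 -5:00 GMT,203.0.113.150:4455,192.168.1.10:1026,UDP
FWIN,2007/03/01,20:17:01 -5:00 GMT,198.51.100.23:51201,192.168.1.10:445,TCP (flags:S)
FWOUT,2007/03/01,20:17:05 -5:00 GMT,192.168.1.10:1900,239.255.255.250:1900,UDP
"""

def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' into (ip, port); port is None when absent."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        return endpoint, None
    return host, int(port) if port.isdigit() else None

def summarize(log_text, prefix_len=24):
    """Count blocked inbound (FWIN) entries by destination port and source network."""
    by_port, by_net = Counter(), Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 6 or row[0] != "FWIN":
            continue  # skip headers, outbound entries and short lines
        src_ip, _ = split_endpoint(row[3])
        _, dst_port = split_endpoint(row[4])
        proto = row[5].split()[0]  # drop trailing detail such as '(flags:S)'
        try:
            net = ipaddress.ip_network(f"{src_ip}/{prefix_len}", strict=False)
        except ValueError:
            continue  # malformed source address
        by_port[(proto, dst_port)] += 1
        by_net[str(net)] += 1
    return by_port.most_common(), by_net.most_common()

if __name__ == "__main__":
    ports, nets = summarize(SAMPLE_LOG)
    for (proto, port), n in ports:
        print(f"{n:4d}  {proto}/{port}")
    for net, n in nets:
        print(f"{n:4d}  {net}")
```

When every source address is different, as in post #1, the per-port ranking is the more useful of the two lists, because the per-source counts stay flat.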
