
Thread: Can I stop alerts by IP or IP range?


  1. #1
    ambush Guest

    Can I stop alerts by IP or IP range?

    I keep getting "ZoneAlarm Security Alert" "Protected" message popups bearing the IP of another computer (or is it the router?) of my small home network. Here's the exact message:

    ========================================================================

    ZoneAlarm Security Alert
    Protected

    The firewall has blocked Internet access to your computer (NetBIOS Session) from 192.168.1.101 (TCP Port 1138) (TCP Flags: S)

    (then it gives the time and date)

    at the bottom it has a checkbox: "Don't show this dialog again".

    ========================================================================

    I'd LIKE to just check that checkbox, but I'm afraid it will then no longer show me any alerts, no matter what the IP address is, and I don't want that. I want to block the message for just the one IP (or a range of IPs). Can I do that, and how?

    TIA

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    watcher Guest

    Re: Can I stop alerts by IP or IP range?

    Dear ambush:

    This IP address appears to be your router. They usually have a last octet of 1 but yours is a variant. The private IP address listed in your post is not routable on the Internet. Check to be sure your LAN is in the Trusted zone. In the Zones tab of the Firewall panel, you should see something like this, based on the IP address you listed: New Network (or renamed to something else); 192.168.1.0/255.255.255.0; Network; Trusted. If the last column is Internet, change that to Trusted. By default, the Trusted zone has Medium security, allowing communication between router and PC(s).

    You can block IP addresses/ranges by creating expert firewall rules or use the Zones tab and add them to the Blocked zone. The difference is that expert firewall rules are executed before zone rules. Plus, expert firewall rules are more granular, meaning you can create more specific rules than with the Zones rules. It's better to block unwanted/malicious traffic by destination port (on your PC) than by IP address/range. The reason is there are so many IP addresses out there and by preventing access to ports that you do not use and are abused by hackers, and not logging them any further after you block them, the Log Viewer tab of the Alerts and Logs panel doesn't fill up with so many entries and you can review them more easily.

    To block an IP address/range using the Zones tab, click the Add button in the lower right. Click IP Address/IP Range, then click the down arrow for Zone, click Blocked, add the IP address/range, then add a Description, then click OK. Don't forget to click the Apply button in the lower right of the Zones tab.

    To block an IP address/range from the Expert tab, click the Add button in the lower right. The Add Rule dialog box displays. Follow this procedure:

    Rank=1 (assuming this is your 1st rule)
    Name=Deny IP1
    State=Enabled
    Action=Block
    Track=None (unless you want to)
    Source: click Any then the Modify button; highlight Add Location and then click IP Address/Range; in the Add IP Address or Add IP Range dialog boxes, Description=Block IP address1/IP range 1; add IP address/range; click OK.
    Destination: click Any then the Modify button; highlight Add Location and then click My Computer
    Protocol: click Any then the Modify button; highlight Add Protocol and then click Add Protocol; in the Add Protocol dialog box, click TCP & UDP under Protocol; Description=Block IP Address1/IP range 1; Destination Port=Other/Any and Source Port=Other/Any. Click OK. Now click the Apply button in the lower right. The expert rule is now listed and active.

    Hope this helps.

    WATCHER

    Message Edited by WATCHER on 11-18-2007 05:46 PM

  3. #3
    ambush Guest

    Re: Can I stop alerts by IP or IP range?

    Thank you, Watcher, for your most informative reply. I very much appreciate the time you spent on my behalf.

    Forgive me, but while I follow nearly all of what you wrote (I'm a reasonably competent user), I'm not entirely sure how to proceed. Perhaps if I give you more info you will be able to help me further?

    Here is my situation and settings. I'll focus on just two of my connected computers, which share a port (using a switch) to the router (the router is directly wired to cable internet).

    Computer 1:
    Firewall->Zones:
    "Cable Net" 192.168.1.0 to 255.255.255.0 (Network: Internet Zone)
    "Local Net" 192.168.0.1 to 192.168.101.255 (Network: Trusted Zone)

    Computer 2:
    Firewall->Zones:
    "Cable Net" 192.168.1.0 to 255.255.255.0 (Network: Internet Zone)


    Only now do I realize the settings for Computer 2 are different than 1. Should I add the "Local Net" settings to the second computer? I don't know how I've been sharing files (via Windows XP) without it, but it seems to work.

    Perhaps I should just ask you to provide me with the settings you deem best for my situation. Would you be so kind?

  4. #4
    watcher Guest

    Re: Can I stop alerts by IP or IP range?

    Dear ambush:

    If you take a look at the Zones tab entries you listed, you'll see that Computer 1's Local Net entry, which appears to have been added by you, covers the IP range of the Cable Net network IP address. Remove that entry and place Cable Net in the Trusted zone for both PCs. The IP address 192.168.1.0 is a private network IP address for your LAN. In the Zones tab for both computers, place that entry in the Trusted zone. This network IP address contains 254 addressable hosts, 192.168.1.1-192.168.1.254. Your router's IP address is probably 192.168.1.1. If you type this address into a web browser from one of your 2 PCs, you should bring up the router configuration screen. Since each router is different, consult your manual in configuring it. By default, it appears your router is assigning IP addresses to your PCs (DHCP, Dynamic Host Configuration Protocol) in the range specified above. Your router is probably using NAT, or Network Address Translation, converting the private IP address of your PCs into the public IP address, provided by your ISP, for requests sent out on the Internet. It reverses the process when the responses are rec'd. Your router should also have SPI, or Stateful Packet Inspection, turned on, which blocks all unsolicited traffic to your LAN PCs.

    You can check the IP address assigned to either PC by clicking Start, Run, type CMD, then click OK. In the DOS window that opens, type: ipconfig /all. Note the space between the g and /. Look for the IP Address field and there will be your PC's assigned IP address. Now, from the same PC, open a web browser and go to this site:

    https://www.grc.com/x/ne.dll?bh0bkyd2

    This is the Shields Up site for Gibson Research Corporation which will display your public IP address. Note that it is different than the IP address assigned to your PC by your router. This is the public IP address assigned by your ISP, who probably uses DHCP as well.

    Hope this helps.

    WATCHER
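
The overlap described in the post above, as an added example (not written by either poster and not ZoneAlarm code): a Python check of the Zones entries listed for Computer 1, showing that the alerting address 192.168.1.101 falls inside both entries while they sit in different zones. Function names are hypothetical, and how ZoneAlarm itself resolves overlapping entries is not modelled.

```python
import ipaddress

# Zone entries as listed for Computer 1 in the thread (names and zones from the posts).
ZONES = [
    ("Cable Net", "192.168.1.0/255.255.255.0", "Internet"),
    ("Local Net", "192.168.0.1-192.168.101.255", "Trusted"),
]


def to_networks(spec):
    """Turn 'network/mask' or 'first-last' into a list of ip_network objects."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec)]


def matching_entries(ip, zones=ZONES):
    """Return (name, zone) for every entry whose range contains ip."""
    addr = ipaddress.ip_address(ip)
    return [(name, zone) for name, spec, zone in zones
            if any(addr in net for net in to_networks(spec))]


def conflicts(zones=ZONES):
    """Return pairs of entries that overlap but are assigned to different zones."""
    found = []
    for i, (n1, s1, z1) in enumerate(zones):
        for n2, s2, z2 in zones[i + 1:]:
            overlap = any(a.overlaps(b)
                          for a in to_networks(s1) for b in to_networks(s2))
            if overlap and z1 != z2:
                found.append((n1, n2))
    return found


def usable_hosts(spec):
    """Count assignable host addresses (network and broadcast excluded)."""
    return sum(1 for net in to_networks(spec) for _ in net.hosts())


if __name__ == "__main__":
    print("192.168.1.101 matches:", matching_entries("192.168.1.101"))
    print("conflicting entries:  ", conflicts())
    # Layout suggested in the reply: Local Net removed, Cable Net set to Trusted.
    fixed = [("Cable Net", "192.168.1.0/255.255.255.0", "Trusted")]
    print("after the change:     ", matching_entries("192.168.1.101", fixed), conflicts(fixed))
    print("hosts in Cable Net:   ", usable_hosts("192.168.1.0/255.255.255.0"))
```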

  5. #5
    ambush Guest

    Re: Can I stop alerts by IP or IP range?

    WATCHER, I cannot tell you how pleased and impressed I've been by the quality of your responses and the time you spent preparing them for me.

    The "Shields Up" site URL you provided was also quite helpful.

    I do not yet know if I have seen the last of the pop-ups that prompted me to submit my OP, but I have every confidence in you.

    Thank you so very much!


    I wonder if you would be so kind as to examine the following new thread I just began:

    How to deal with these random "attempting to monitor user activities" messages?

    Thanks again.
