
Thread: Zone Alarm upgrade

  1. #1
    martin_rosen Guest

    Zone Alarm upgrade

    I installed the upgrade this morning (clean install). I left the security alert on, and since this morning (approx 13 hours), I have had over 1100 attempted intrusions. The alerts refer me to the page that tells me ZA has blocked access to port 139 on my PC.

    Is this number normal and what is port 139 for?

    Thank you.

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    Port 139 is the NetBIOS Session port used for file and printer sharing for PCs on a LAN. Since ZAISS blocked the request, this was probably an unsolicited attempt to connect to your PC for malicious purposes.

    Normal depends on what kind of protection your ISP uses on its servers and connectivity devices and speed of your connection and activity level of hackers on the Internet during the given period of time. I have dialup but I've had 100+ events in like a 6-hour period one time due to a DDoS attack. What I did was create expert firewall rules to block connection attempts to certain ports on my PC, then IP address ranges of Chinese, Iranian, and North Korean sites, and other malicious attackers that log repeated connection attempts to my PC, and finally IANA-reserved IP ranges that hackers like to forge and try to attack my PC. Once I create the rules, I set them not to log the traffic any more as I already know they are malicious. The result is a smaller, more manageable list, that allows me to look at new threats that log connection attempts, rather than wading through all of them and trying to pick out the new offenders.

    Look in the Destination IP column socket address and see what port(s) they are trying to connect to on your computer. You can block a LOT of traffic (multiple IP addresses) merely by creating an expert firewall rule that blocks any traffic attempting to connect to a specific port on your computer. A good way to harden your computer against attack is to create expert firewall rules to block the following ports: 135, 137, 139, 445, 1026, 1027, and 1028. This is assuming you don't use these ports. Then set the rules not to log this traffic. Hackers and multiple domains use these ports for their own purposes, none of which are beneficial to you. You will reduce the size of your firewall logs greatly. This allows you to concentrate on the remaining entries. This method is useful in a DDoS attack. I once had multiple domains try to connect to port 9021 on my computer (over 50 entries in one Internet session) and this attack started the moment I went on the Internet. Trying to create an expert firewall rule to block this traffic using IP addresses would take dozens of expert firewall rules as this attack is either from a botnet or someone is using forged IP address headers to initiate the connection attempts. However, if I create a single expert firewall rule to block port 9021, I will block ALL those entries.

    Hope this helps.

    WATCHER
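
As an added illustration of the port-versus-IP point in post #2 (not part of the original thread and not ZoneAlarm tooling), this Python sketch groups blocked-connection log entries by destination port and counts the distinct source addresses behind each one. The log layout and all addresses are constructed for the example; an exported firewall log would need its own column mapping.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, not real traffic. The CSV layout (date, time, source
# ip:port, destination ip:port, protocol) is an assumption for this example.
SAMPLE_LOG = """\
2007/12/05,09:12:01,198.51.100.7:4021,192.0.2.10:139,TCP
2007/12/05,09:12:03,198.51.100.7:4022,192.0.2.10:139,TCP
2007/12/05,09:13:10,203.0.113.5:1188,192.0.2.10:9021,TCP
2007/12/05,09:13:11,203.0.113.9:2231,192.0.2.10:9021,TCP
2007/12/05,09:13:11,203.0.113.44:3310,192.0.2.10:9021,TCP
2007/12/05,09:13:12,198.51.100.23:1402,192.0.2.10:9021,TCP
2007/12/05,09:14:40,203.0.113.5:1190,192.0.2.10:139,TCP
2007/12/05,09:15:02,198.51.100.61:3555,192.0.2.10:139,TCP
2007/12/05,09:16:30,198.51.100.61:3556,192.0.2.10:445,TCP
2007/12/05,09:17
"""

def parse_entries(text):
    """Yield (source_ip, dest_port, protocol) for each well-formed line."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # blank or truncated line
        src_ip = row[2].rpartition(":")[0]
        port = row[3].rpartition(":")[2]
        if src_ip and port.isdigit():
            yield src_ip, int(port), row[4].strip()

def summarize_by_port(text):
    """Map (protocol, dest_port) to hit count and set of distinct source IPs."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set()})
    for src_ip, port, proto in parse_entries(text):
        summary[(proto, port)]["hits"] += 1
        summary[(proto, port)]["sources"].add(src_ip)
    return dict(summary)

def port_rule_candidates(text, min_sources=3):
    """Ports hit by many distinct sources: one port rule replaces many IP rules."""
    rows = [(proto, port, b["hits"], len(b["sources"]))
            for (proto, port), b in summarize_by_port(text).items()
            if len(b["sources"]) >= min_sources]
    return sorted(rows, key=lambda r: (-r[3], r[1]))

if __name__ == "__main__":
    for proto, port, hits, sources in port_rule_candidates(SAMPLE_LOG):
        print(f"{proto}/{port}: {hits} blocked attempts, {sources} distinct sources")
```

A port with many distinct sources is where a single port rule stands in for a long list of per-address rules; a port with one persistent source is the case an address rule handles just as well.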

  3. #3
    martin_rosen Guest

    Re: Zone Alarm upgrade

    Thanks for the information.

    However, for a non-techie I don't really understand! The protection is installed and I leave it. I don't know how to amend it. Any chance of giving me a step-by-step idiot's guide?!

    Cheers

  4. #4
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    ZAISS has a Help file so I would recommend reading that a section at a time. It will help you understand ZAISS.

    That said, ZAISS, by default, protects your PC from external attacks. That is why your logs show all those entries. ZAISS is doing its job.

    Please don't be frustrated by not knowing how to do something and then label it as being an *****. Were that true, everyone on this earth would fit in that category. Just imagine all the information available currently in this world, in all its forms, and you'll see that what each of us learns in a lifetime represents an infinitesimal amount compared to it. What we actually retain is even less.

    I can't give you a "guide" in PC protection or even a synopsis of the Help file as this is beyond the scope of this forum. You state that "I don't really understand" and "I don't know how to amend it", but these are general questions. I don't know what you are referring to in either of these statements. Please rephrase and be as specific as possible in your questions.

    Hope this helps.

    WATCHER

  5. #5
    martin_rosen Guest

    Re: Zone Alarm upgrade

    Thank you again Watcher.

    What I didn't really understand was blocking of ports (not really understanding what a port is), and why they have different numbers.

    As for not knowing how to amend it, I was referring to ZAISS. I can change things from on to off and vice versa, and alter from low to high etc., but beyond that is out of my range of knowledge.

    I suppose I should read the Help file as soon as I have a chance. However, as long as it is blocking any threats in the interim that is my main concern.

    Regards

  6. #6
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    Ports (logical) have been compared to windows on a house. They allow applications on your PC to communicate with servers on the Internet, like for updates, and for remote users to connect to your computer. That's why they need to be closed when not actually in use. There are 65,536 ports, separated into 3 categories: well-known (0-1023), registered (1024-49151), and dynamic or private (49152-65536). Well known ports are used by common Internet-aware applications. Registered ports are used by vendors for proprietary applications. Dynamic or private ports can be used by anyone. A list of well-known and registered ports can be found here:

    http://www.iana.org/assignments/port-numbers

    If you want to see what ports others are trying to connect to on your computer, click Alerts and Logs panel, Log Viewer tab, and where it says Alert Type, make sure Firewall is clicked. Under the Destination IP column, following the IP address/(and colon) of your computer, you will see the port number they are trying to connect to on your computer.

    As for ZAISS, it protects you with default settings the moment it is installed on your PC. The firewall settings are found in the Firewall panel, Main tab. By default, Internet Zone Security is set to High and Trusted Zone Security is set to Medium. These defaults will protect against most threats. These are the main settings but there are many other minor settings that can be configured as well.

    Hope this helps.

    WATCHER

    Message Edited by WATCHER on 12-05-2007 12:09 AM

  7. #7
    martin_rosen Guest

    Re: Zone Alarm upgrade

    <blockquote><hr>WATCHER wrote:
    Dear Martin_Rosen:

    Ports (logical) have been compared to windows on a house. They allow applications on your PC to communicate with servers on the Internet, like for updates, and for remote users to connect to your computer. That's why they need to be closed when not actually in use. There are 65,536 ports, separated into 3 categories: well-known (0-1023), registered (1024-49151), and dynamic or private (49152-65536). Well known ports are used by common Internet-aware applications. Registered ports are used by vendors for proprietary applications. Dynamic or private ports can be used by anyone. A list of well-known and registered ports can be found here:

    http://www.iana.org/assignments/port-numbers



    I looked at this, and I am afraid it didn't really mean much to me!



    If you want to see what ports others are trying to connect to on your computer, click Alerts and Logs panel, Log Viewer tab, and where it says Alert Type, make sure Firewall is clicked. Under the Destination IP column, following the IP address/(and colon) of your computer, you will see the port number they are trying to connect to on your computer.

    As for ZAISS, it protects you with default settings the moment it is installed on your PC. The firewall settings are found in the Firewall panel, Main tab. By default, Internet Zone Security is set to High and Trusted Zone Security is set to Medium. These defaults will protect against most threats. These are the main settings but there are many other minor settings that can be configured as well.

    </blockquote>


    I see quite a number have been blocked (42 since 09.12 today!). I presume if there was a legitimate use I would get a warning from the program that it cannot access my computer (for a particular reason).

    Basically, are you saying leave everything as it is and let it happily work away in the background?

    Thank you for being so patient with me.

  8. #8
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    Basically, ports allow communication over a network like the Internet. Without them, you could not, for example, surf websites. When you type in a URL in the address bar of your web browser, it communicates with the web server on port 80 using the HyperText Transfer Protocol, or HTTP.

    As for legitimate traffic, whether or not you receive an alert depends upon how you have Program Control configured and what the program attempts to do. Click Program Control, Main tab. Under the Program Control section, make sure the slider is at least set to Medium and, even better, set it to High. Set to either, programs must ask for Internet access and server rights.

    Finally, yes, ZAISS has default settings, when first installed, that work against most threats. If you don't know much about the software, you should leave the default settings in place. If you want to tweak a setting, either read about it in the Help file for ZAISS, search this forum for an existing thread on the same subject that may answer your question, or start a new thread and ask your question.

    Hope this helps.

    WATCHER

  9. #9
    martin_rosen Guest

    Re: Zone Alarm upgrade

    Thanks again.

    One other thing which may be slightly OT from my original question.

    ZASS is supposed to protect against spyware. However, I also use SpywareBlaster, AdAware, Spybot and Trend Micro and all of them find more spyware. Is there any way of protecting against this altogether, or is it like trying to halt the spam e-mails?!

    Regards

  10. #10
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    I would get rid of Spyware Blaster, Ad-Aware, Spybot, and Trend Micro. These are all probably freeware versions and PC Magazine recently tested Ad-Aware, Spybot, and Trend Micro and found them subpar in the detection and removal of spyware. I'm not a big fan of freeware antispyware utilities. I prefer commercial as they are more robust in the detection and removal of spyware. According to PC World and PC Magazine, Webroot's Spy Sweeper, PC Tools' Spyware Doctor, and **bleep**'s CounterSpy are 3 good commercial antispyware utilities. These are signature-based scanners. If you want behavior-based scanners, try Prevx 2.

    If you want freeware, try Superantispyware. This is a signature-based scanner. I don't know how it rates in the detection and removal of spyware but I tested it earlier this year from an operational standpoint and it did well. If you want a freeware behavior-based antispyware utility, try PC Tools ThreatFire. It was reviewed by PC Magazine recently and performed well against spyware. The freeware version lacks the antivirus engine which saves you from any compatibility problems. I have it operating its real-time scanner along with another signature-based antispyware program's real-time scanner and have no compatibility problems. You can download it from here: http://www.threatfire.com/download/

    Be sure and click the Get Free button.

    Currently, I have 2 antispyware utilities operating their real-time scanners, 1 signature-based and 1 behavior-based. In addition, I have 3 other commercial antispyware utilities, all signature-based, that I use for on-demand scanning only, including ZAPRO's antispyware component. I also use a signature-based antivirus program operating its real-time scanner (also known as on-access scanner). Some might consider this excessive but each antispyware utility is different and what 1 misses, another may catch. You don't want all of them to be operating their real-time scanners as then compatibility problems may develop when they interact with each other. That method would also consume a lot of RAM. My method works well because the programs I use for real-time scanning take low amounts of RAM. Once a week I do an on-demand scan with all of them.
    This method allows you to switch antispyware utilities that will be operating in real-time as well, to see how well they function at that task.

    Hope this helps.

    WATCHER

    Message Edited by WATCHER on 12-06-2007 07:33 PM

    Message Edited by WATCHER on 12-06-2007 07:34 PM

    P.S. Can't seem to get around the bleep. Let me try again. It should be **bleep**

    P.S. One more time. It should be S--u--n--b--e--l--t

    Message Edited by WATCHER on 12-06-2007 07:36 PM

    Message Edited by WATCHER on 12-06-2007 07:37 PM
