Thread: Zone Alarm upgrade

  1. #1
    martin_rosen Guest

    Zone Alarm upgrade

    I installed the upgrade this morning (clean install). I left the security alert on, and since this morning (approx. 13 hours), I have had over 1100 attempted intrusions. The alerts refer me to the page that tells me ZA has blocked access to port 139 on my PC.

    Is this number normal and what is port 139 for?

    Thank you.

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    Port 139 is the NetBIOS Session port used for file and printer sharing for PCs on a LAN. Since ZAISS blocked the request, this was probably an unsolicited attempt to connect to your PC for malicious purposes.

    Normal depends on what kind of protection your ISP uses on its servers and connectivity devices and speed of your connection and activity level of hackers on the Internet during the given period of time. I have dialup but I've had 100+ events in like a 6-hour period one time due to a DDoS attack. What I did was create expert firewall rules to block connection attempts to certain ports on my PC, then IP address ranges of Chinese, Iranian, and North Korean sites, and other malicious attackers that log repeated connection attempts to my PC, and finally IANA-reserved IP ranges that hackers like to forge and try to attack my PC. Once I create the rules, I set them not to log the traffic any more as I already know they are malicious. The result is a smaller, more manageable list, that allows me to look at new threats that log connection attempts, rather than wading through all of them and trying to pick out the new offenders.

    Look in the Destination IP column socket address and see what port(s) they are trying to connect to on your computer. You can block a LOT of traffic (multiple IP addresses) merely by creating an expert firewall rule that blocks any traffic attempting to connect to a specific port on your computer. A good way to harden your computer against attack is to create expert firewall rules to block the following ports: 135, 137, 139, 445, 1026, 1027, and 1028. This is assuming you don't use these ports. Then set the rules not to log this traffic. Hackers and multiple domains use these ports for their own purposes, none of which are beneficial to you. You will reduce the size of your firewall logs greatly. This allows you to concentrate on the remaining entries. This method is useful in a DDoS attack. I once had multiple domains try to connect to port 9021 on my computer (over 50 entries in one Internet session) and this attack started the moment I went on the Internet. Trying to create an expert firewall rule to block this traffic using IP addresses would take dozens of expert firewall rules as this attack is either from a botnet or someone is using forged IP address headers to initiate the connection attempts. However, if I create a single expert firewall rule to block port 9021, I will block ALL those entries.

    Hope this helps.

    WATCHER

  3. #3
    martin_rosen Guest

    Re: Zone Alarm upgrade

    Thanks for the information.

    However, for a non-techie I don't really understand! The protection is installed and I leave it. I don't know how to amend it. Any chance of giving me a step-by-step idiot's guide?!

    Cheers

  4. #4
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    ZAISS has a Help file so I would recommend reading that a section at a time. It will help you understand ZAISS.

    That said, ZAISS, by default, protects your PC from external attacks. That is why your logs show all those entries. ZAISS is doing its job.

    Please don't be frustrated by not knowing how to do something and then label it as being an *****. Were that true, everyone on this earth would fit in that category. Just imagine all the information available currently in this world, in all its forms, and you'll see that what each of us learns in a lifetime represents an infinitesimal amount compared to it. What we actually retain is even less.

    I can't give you a "guide" in PC protection or even a synopsis of the Help file as this is beyond the scope of this forum. You state that "I don't really understand" and "I don't know how to amend it", but these are general questions. I don't know what you are referring to in either of these statements. Please rephrase and be as specific as possible in your questions.

    Hope this helps.

    WATCHER

  5. #5
    martin_rosen Guest

    Re: Zone Alarm upgrade

    Thank you again Watcher.

    What I didn't really understand was blocking of ports (not really understanding what a port is), and why they have different numbers.

    As for not knowing how to amend it, I was referring to ZAISS. I can change things from on to off and vice versa, and alter from low to high etc., but beyond that is out of my range of knowledge.

    I suppose I should read the Help file as soon as I have a chance. However, as long as it is blocking any threats in the interim that is my main concern.

    Regards

  6. #6
    watcher Guest

    Re: Zone Alarm upgrade

    Dear Martin_Rosen:

    Ports (logical) have been compared to windows on a house. They allow applications on your PC to communicate with servers on the Internet, like for updates, and for remote users to connect to your computer. That's why they need to be closed when not actually in use. There are 65,536 ports, separated into 3 categories: well-known (0-1023), registered (1024-49151), and dynamic or private (49152-65536). Well-known ports are used by common Internet-aware applications. Registered ports are used by vendors for proprietary applications. Dynamic or private ports can be used by anyone. A list of well-known and registered ports can be found here:

    http://www.iana.org/assignments/port-numbers

    If you want to see what ports others are trying to connect to on your computer, click Alerts and Logs panel, Log Viewer tab, and where it says Alert Type, make sure Firewall is clicked. Under the Destination IP column, following the IP address/(and colon) of your computer, you will see the port number they are trying to connect to on your computer.

    As for ZAISS, it protects you with default settings the moment it is installed on your PC. The firewall settings are found in the Firewall panel, Main tab. By default, Internet Zone Security is set to High and Trusted Zone Security is set to Medium. These defaults will protect against most threats. These are the main settings but there are many other minor settings that can be configured as well.

    Hope this helps.

    WATCHER

    Message Edited by WATCHER on 12-05-2007 12:09 AM
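
Added example (not part of the thread and not ZoneAlarm code): a short Python script that does by program what posts #2 and #6 describe doing by eye, reading the destination port out of each blocked inbound entry and showing which ports are hit by several distinct sources, so that one port rule would replace many per-IP rules. The log layout (type, date, time, source, destination, protocol), the sample lines and the names `summarize` and `rule_comparison` are assumptions made for this example; adjust the field positions to match your own log export.

```python
import csv
from collections import defaultdict

# Constructed sample entries using documentation-only addresses.
# Assumed layout: type,date,time,source_ip:port,destination_ip:port,protocol
SAMPLE_LOG = """\
FWIN,2007/12/04,08:15:22,198.51.100.7:4312,192.0.2.10:139,TCP
FWIN,2007/12/04,08:15:25,198.51.100.7:4313,192.0.2.10:139,TCP
FWIN,2007/12/04,08:16:01,203.0.113.21:1190,192.0.2.10:139,TCP
FWIN,2007/12/04,08:17:40,203.0.113.99:2201,192.0.2.10:445,TCP
FWIN,2007/12/04,08:20:03,198.51.100.14:3050,192.0.2.10:9021,TCP
FWIN,2007/12/04,08:20:04,198.51.100.88:3051,192.0.2.10:9021,TCP
FWIN,2007/12/04,08:20:04,203.0.113.5:3310,192.0.2.10:9021,TCP
FWIN,2007/12/04,08:20:06,203.0.113.140:1044,192.0.2.10:9021,TCP
FWIN,2007/12/04,08:21:10,203.0.113.5,192.0.2.10,ICMP
"""

def port_category(port):
    """Name the IANA range a TCP/UDP port number (0-65535) falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def summarize(log_text):
    """Map each destination port to the set of distinct source IPs seen."""
    by_port = defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 6 or row[0] != "FWIN":
            continue                      # not a blocked-inbound entry
        src_ip = row[3].rpartition(":")[0]
        dst_port = row[4].rpartition(":")[2]
        if not dst_port.isdigit():
            continue                      # e.g. ICMP has no port number
        by_port[int(dst_port)].add(src_ip)
    return dict(by_port)

def rule_comparison(by_port, min_sources=2):
    """Ports hit by >= min_sources IPs: one port rule vs. that many IP rules."""
    rows = [(p, len(ips), port_category(p))
            for p, ips in by_port.items() if len(ips) >= min_sources]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for port, sources, category in rule_comparison(summarize(SAMPLE_LOG)):
        print(f"port {port} ({category}): 1 port rule covers {sources} source IPs")
```
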
