Results 1 to 4 of 4

Thread: ZA Free/Home Security Alert re:192.168.1.1 for Explorer.exe

  1. #1
    topcatgr Guest

    Default ZA Free/Home Security Alert re:192.168.1.1 for Explorer.exe

    Dear Gurus and others,
    Have WinXP Home SP2, installed/upgraded to ZA free/home:ZoneAlarm version:7.0.462.000
    TrueVector version:7.0.462.000
    Driver version:7.0.462.000
    I'm no novice, have found and removed trojans and such before due to very malicious web sites .
    Using **bleep** 4 Home, Using Spybot S&D.

    Have a Linksys router hardwired to desktop computer, and a Netgear Wireless Access point, using it for this and 2 other laptops.
    After upgrading ZA free, started getting alerts during reboot that explorer.exe is asking to receive traffic from the trusted zone from IP 192.168.1.1 over port 1900 which I know is the address to access my router configuration.
    I don't know if this is just a result of the upgrade and that ZA is monitoring MORE ports and so needs new permission to use this port for the router, vs. somehow some "BOT" has found a way to ping into the router and then on down to the computers on that router, and that IF I give permission, that it will then allow access THRU the router and hardware firewall as well as thru the ZA firewall??????
    Have verified that I only have 1 version of explorer.exe in the Windows folder with proper ID tags/version info. ZA only shows this version in it's progam list.Any thoughts??T.C.

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZA Free/Home Security Alert re:192.168.1.1 for Explorer.exe

    Actually this seems ok and not malware. The port 1900 is for the UPnP and explorer.exe will do this (and so will svchost.exe).

    192.168.1.1 is the usual IP for a linksys router. Have you entered the router IP as Trusted in the Zones of the Firewall?

    You could just turn off or Disable the UPnP in the Services. Then there should be no application waiting for these attempts.

    The usual method of hacking a router or using arp exploit does not really apply to the average home user. For the most part, they would wrap special packets around the inbound connection (TCP), to trick the router to accept the connection and then have the packets sent to every IP of the LAN. These takes a lot of equipment and a lot of knowledge and experience.
    The router will show dropped packets from time to time in it's logs - this is normal as much of it will be just internet noise and not some hacker doing port scans.
    It is much easier to send malicious email or trick users to install malicious software, to exploit a PC.
    The hackers usually target the big servers or businesses/corps for the big bucks. Much better targets for the effort.

    Oldsod
    Best regards.
    oldsod

  3. #3
    topcatgr Guest

    Default Re: ZA Free/Home Security Alert re:192.168.1.1 for Explorer.exe

    Thankyou OldSod for your time and information, helped to put my mind at ease!
    Yes, the router IP is in the Trusted Zones for DHCP server in ZA!
    I'm not familiar with the disabling of the Upnp services, so I'll just wait for the ZA alert and give it permission and mark it to remember so it won't bother me again.
    Have a Happy New Year!T.C.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZA Free/Home Security Alert re:192.168.1.1 for Explorer.exe

    Happy New Year to you too, T.C.
    Best regards, Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •