
Thread: X Intrusions have been blocked since install

  1. #1
    superyeti Guest

    X Intrusions have been blocked since install

    After searching through the ZoneAlarm user forum I understand that if your computer is hooked up to a router with NAT, the router (ie., hardware firewall) does the job of blocking incoming traffic. As a result the Overview -> Status page will display "0 Intrusions have been blocked since install" because the router is blocking incoming traffic before it even reaches ZASS.

    However, even though my PC is behind a router and blocks incoming traffic the Overview -> Status page displays "2 Intrusions have been blocked since install". And it's been at 2 for several days. How did these 2 "intrusions" make it past the router???

    Thanks

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    riceorony Guest

    Re: X Intrusions have been blocked since install

    Sometimes an attacker will attempt to mask themselves and bypass an external router/firewall by copying your own IP address (to make it seem legitimate); other times, simply the external firewall is not configured correctly and some rules are not set, so some communications come in to the computer.

    You have nothing to worry about though if ZA Firewall detects it and blocks it (like it did).

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Re: X Intrusions have been blocked since install


    riceorony wrote:
    > Sometimes an attacker will attempt to mask themselves and bypass an external router/firewall by copying your own IP address (to make it seem legitimate); other times, simply the external firewall is not configured correctly and some rules are not set, so some communications come in to the computer.
    >
    > You have nothing to worry about though if ZA Firewall detects it and blocks it (like it did).

    The reality of a possible hacker trying to hack a home user's router using advanced techniques from the web is pretty much non-existent. Pictures of Aunt Martha or the family cat are not as highly valued as those government and industrial secrets.

    Usually the default configurations of the router are close to being exactly as needed. If the router was misconfigured, it would not allow connections between it and the PC. It already saw the computer's MAC and assigned a correct IP to the computer, after several different connections and communications. Probably the router's rules are okay. It could be RIP (UDP port 520) from the Router, but if the ZA is running in the default configurations (with no Expert Rules), then the ZA will not indicate any RIP as an intrusion and will simply see the RIP connection attempts and ignore it.

    The only proper method to determine what these intrusions are is by opening the Logs of the Log Viewer in the Alerts and Logs of the Zone Alarm. Check both the Firewall and the Program Logs.
    Here the blocked event will indicate what the "intrusion" really is and why it is an "intrusion".
    Intrusions usually are unwanted dropped connections from other local area networked devices, dropped packets from web servers that were initially contacted and connected by your PC, applications on your computer that were denied network/internet access or even fragmented packets. Or some other event.
    The only real way to determine what the intrusions are is check the Logs.
    It is a firewall and the firewall logs were meant to be read and examined, not ignored.
    Read the Logs and if it is a blocked event from or to the internet, check the application in question, the IPs involved, the ports and the protocols and even the Flags and of course the directions of the connections.

    It is quite possible it is the ZA that is not properly configured.
    Please make sure the DHCP and the DNS servers are listed as Trusted in the Zones of the Firewall of the ZA, along with the loopback address of 127.0.0.1 as Trusted.
    The Generic Host Process (svchost.exe) will need not only Trusted and Internet Access, but also Server rights for the Trusted Zone.

    Oldsod.
    Best regards.
    oldsod
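    An added example, not from the thread and not ZoneAlarm's own code, showing the log triage oldsod describes: read each blocked event and explain it from its direction, IPs, ports, protocol and flags. The record layout is assumed to resemble ZoneAlarm's comma-separated text log, and the home network addresses and log lines are constructed.

```python
# Added example (not from the thread): triage firewall-log "intrusions" by
# direction, IPs, ports, protocol and flags, as suggested in post #3.
# The record layout is an assumption modelled on ZoneAlarm's text log;
# the network addresses and sample lines below are constructed.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")          # assumed home LAN
ROUTER = ip_address("192.168.1.1")          # assumed router = DHCP + DNS server
TRUSTED_SERVERS = {ROUTER, ip_address("127.0.0.1")}  # should be Trusted in ZA

SAMPLE_LOG = """\
FWIN,2008/07/18,10:49:00 -4:00 GMT,192.168.1.1:520,192.168.1.5:520,UDP
FWIN,2008/07/18,10:50:12 -4:00 GMT,192.168.1.7:137,192.168.1.5:137,UDP
FWIN,2008/07/18,10:51:30 -4:00 GMT,64.233.160.99:80,192.168.1.5:3452,TCP (flags:A)
FWIN,2008/07/18,10:52:01 -4:00 GMT,192.168.1.1:67,192.168.1.5:68,UDP
FWIN,2008/07/18,10:53:44 -4:00 GMT,203.0.113.9:4444,192.168.1.5:135,TCP (flags:S)
"""

def parse(line):
    """Split one FWIN/FWOUT record into the fields the triage looks at."""
    kind, _date, _time, src, dst, proto = line.split(",", 5)
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"kind": kind, "src": ip_address(src_ip), "sport": int(src_port),
            "dst": ip_address(dst_ip), "dport": int(dst_port),
            "proto": proto.split()[0],
            "flags": proto.partition("flags:")[2].rstrip(")")}

def classify(ev):
    """Explain why a blocked inbound event was counted as an 'intrusion'."""
    if ev["kind"] != "FWIN":
        return "outbound/program event, not an inbound block"
    if ev["src"] in TRUSTED_SERVERS and ev["dport"] in (53, 68):
        return "DHCP/DNS from a server that should be in the Trusted Zone (ZA misconfigured)"
    if ev["src"] == ROUTER and ev["proto"] == "UDP" and ev["dport"] == 520:
        return "RIP broadcast from the router, harmless"
    if ev["src"] in LAN:
        return "unsolicited traffic from another LAN device"
    if ev["proto"] == "TCP" and ev["sport"] in (80, 443) and "S" not in ev["flags"]:
        return "late packet from a web server this PC already contacted"
    return "unsolicited packet from outside the LAN; review the router's rules"

def triage(log):
    """Return (source IP, explanation) for every record in the log text."""
    events = (parse(l) for l in log.splitlines() if l.strip())
    return [(str(ev["src"]), classify(ev)) for ev in events]
```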

  4. #4
    riceorony Guest

    Re: X Intrusions have been blocked since install

    Current Score:

    Oldsod: 1,423,958 points
    Me: 0 points

    Sigh... one day sir I will catch up!

    Message Edited by riceorony on 07-18-2008 10:49 AM

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Re: X Intrusions have been blocked since install


    riceorony wrote:
    > Current Score:
    >
    > Oldsod: 1,423,958 points
    > Me: 0 points
    >
    > Sigh... my n00biness is still learning haha


    We all started from zero. Everybody has started from nothing.
    Come to think of it I have learned a lot in the last few years here - got the idea but need details or facts for a reply will send me onto some area of study and I get both the needed information and new ideas or knowledge. I did understand most of the basics about things, but not in the depth I have now or the completeness of things.

    Just be aware from the beginning not to let emotions (paranoia of getting hacked or fear of malware) get mixed up with the real facts .....some knowledge is more dangerous than a lot of knowledge as little knowledge leads to confusion or misconceptions. The mists of confusion are controlled and cleared by correctly understanding the facts and the knowledge.....once proper realizations and understanding are reached, then and only then are things clear.
    By the way, even though I am self taught, understand this.... learning never stops as learning starts to increase almost exponentially once the basics are well understood ....and the learning never stops as new fields and newer areas are discovered or revealed.

    Firewalls are like the legal system - you have to be a detective to find out what went wrong or why something does not connect, a lawyer to argue things out and a judge to make new laws and pass final judgement. If there was a problem then the problem application or malware becomes the felon and gets incarcerated and the innocent party is allowed freedom.

    A little bit of story telling for you today.

    Oldsod.
    Best regards.
    oldsod

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: X Intrusions have been blocked since install

    Feel like doing some reading? I can give you a suggested reading list. Also good for reference and research.
    Oldsod
    Best regards.
    oldsod

  7. #7
    riceorony Guest

    Re: X Intrusions have been blocked since install

    Actually I would love some reading if you could suggest it.

    I just picked up "The Best **bleep** Firewall" book at a local book store to read.

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Re: X Intrusions have been blocked since install

    TCP/IP Primer

    http://www.ipprimer.com/overview.cfm


    Networking Tutorial

    http://www.comptechdoc.org/independe...ide/index.html


    Service overview and network port requirements for the Windows Server system

    http://support.microsoft.com/default...b;en-us;832017



    de.comp.security.firewall FAQ

    http://www.iks-jena.de/mitarb/lutz/u...rewall.en.html



    The World Wide Web Security FAQ

    http://www.w3.org/Security/Faq/


    Internet Firewalls:
    Frequently Asked Questions

    http://www.interhack.net/pubs/fwfaq/firewalls-faq.html



    Protocols Directory

    http://www.protocols.com/protocols.htm



    TCP/IP and IMS Sequence Diagrams

    http://www.eventhelix.com/RealtimeMantra/Networking/



    Internet Protocols (IP)

    http://www.cisco.com/en/US/docs/inte...Protocols.html


    Internet FAQ Archives

    http://www.faqs.org/faqs/


    Marcus Ranum!!!

    http://www.ranum.com/security/computer_security/



    Cable Modem Troubleshooting Tips

    http://homepage.ntlworld.com/robin.d.../security.html



    Protocol Registries (Your new life starts here. This has everything about anything related to the internet - icmp codes lists, port lists, lists of protocols, ipv4 address space list and many more. This is the definite answer on anything related to the internet - this is the authority or the book of the law. Each and every rfc is a book for its own subject or discussion and is considered final "the" book until a newer rfc is produced and then that changes the established usage and knowledge.)

    http://www.iana.org/protocols/


    Glossary

    http://www.networksorcery.com/enp/glossary.htm



    Trojans

    http://www.chebucto.ns.ca/~rakerman/...ort-table.html



    Analyzing a Hack from A to Z

    http://www.windowsecurity.com/articl...ack-Part1.html



    Network Defense

    http://www.spirit.com/Network/



    FAQ: Firewall Forensics (What am I seeing?)

    http://www.linuxsecurity.com/resourc...wall-seen.html


    after all that, I am giving you a nice magazine with pictures to relax with and unwind, besides if you did all of the IANA topics and the RFC articles, then you should be ready to receive either a college diploma in Internet/networking or a university degree.....

    http://www.practicallynetworked.com

    Oldsod.
    Best regards.
    oldsod

  9. #9
    riceorony Guest

    Re: X Intrusions have been blocked since install

    Thank you Oldsod,

    All this reading will bring my many misconceptions up-to-date.

    I agree that a bunch of times, a little knowledge does more harm than good (e.g. spawns misconceptions, etc.)

    Thanks again my friend!

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057

    Re: X Intrusions have been blocked since install

    Some heavy duty reading in some of those links, so take it easy.
    I did give some help links to even things out.
    You did mention a certain book you are reading and I think the one link is connected directly to it so maybe that will definitely help you.
    Like I said before, the IANA and the RFC are the "bibles" and these are irrefutable facts and the guidelines - you seem pretty sharp to be able to wade through these and get familiar with them. Even enough to understand what and why is exactly going on and which ones to pick for researching answers will really get you well started off and into the right direction.
    From time to time I read parts or some of these to get "exact and correct facts and details" and get a little more knowledgeable - but I do not want to be a scholar on the subject, just a well knowledgeable user.

    Malware links can be lent also; but I just gave you some networking/internet stuff that is a little more special and things you may not see in the usual searches or look arounds.

    Best regards.
    Oldsod.
    Best regards.
    oldsod
