Results 1 to 2 of 2

Thread: Huge Firewall Logs -- Should I Be Worried or Not?

  1. #1
    anniekitty Guest

    Default Huge Firewall Logs -- Should I Be Worried or Not?

    Hi, it's me again.I am a new user using the free ZoneAlarm firewall(And have limited knowledge on technicalissues, so bear with me if this is a dumb question!)My firewall logs are pretty full, I seem to be getting lots of attempts at ports 445 and 139 (those are the only two ports!). I think those are normal ports that are open with Windows XP, but am not sure if I should be concerned that I get so many hits on each. The good thing is that Zonealarm is blocking them, but I am wondering if they are normal Windows processes on my computer needing to perform certain funcitons, but the firewall is blocking them from doing so. I see that the source IP and Destination IP areidentical in some of the cases, imlplying to me it is my computer. Others, though, are different source IP addresses. Most of them are TCP:S and, although most of the source DNSs are blank in the log, others are named 4.in-addr.arpa or n-add. The most common is a long string with words in it (is this my dialup DNS address?).Again, sorry if this is a dumb question, I am new and trying to learn as much as I can!jz

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm (Free)
    Software Version:6.0

  2. #2
    ad_hock Guest

    Default Re: Huge Firewall Logs -- Should I Be Worried or Not?

    Hi anniekitty
    If you contact the internet directly via modem (that is with no router or modem with NAT Network Address Translation) the situation you describe is quite normal and you don't need to be worried.Most part of those intrusions ZA blocks it's called internet background noise and are not directed to your computer in particular. Ports 445,139,137,135 are among the most common ones to get those intrusions and ZA is doing it's job blocking what doesn't coreespond to solicitations from your computer to work properly. When the source and destination is your computer you have what is called a loopback (see this link posted by unhappy_viewer)to see what loopback is http://en.wikipedia.org/wiki/Loopback

    Now you may want to test your firewall to see if it is working properly. Go to www.grc.com and run the shields up test,you may try first the common ports and then the all service ports. If you have your internet security setted to high (the default setting) you should pass and the ports should be stealthed (doesn't respond to unsolicitaded connections and just drop the packets).
    Best regards

    Message Edited by Ad-Hock on 12-05-2005 04:37 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •