Results 1 to 7 of 7

Thread: High number of intrusion alerts

  1. #1
    gcharlton Guest

    Default High number of intrusion alerts

    Hi,
    I installed ZA

    4 days ago, having used Norton previously. I use a laptop on a home wireless network. Settings for ZA are the default ones. Since install I have had 524 high rated instrusions which have been blocked, which seems pretty high to me.
    Is this normal, or is there something i'm doing wrong?

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: High number of intrusion alerts

    Are they all ( or most of them) from the same IP address or using the same port?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    gcharlton Guest

    Default Re: High number of intrusion alerts

    Yes, most of them are. They all start with the same 8/9 digits, only the last number is different.
    Cheers.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: High number of intrusion alerts

    What is the IP ?

    Oldsod
    Best regards.
    oldsod

  5. #5
    gcharlton Guest

    Default Re: High number of intrusion alerts

    192.168.2.1:2***
    - only the last three digits change on the different access attempts.
    Cheers,
    G

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: High number of intrusion alerts

    The entire range of 192.168.0.0 to 192.168.255.255 is a private network and not a public internet. Any address originating from this range is from your own home network. It could be the router or another PC or even some hardware such as a printer that is the source of the intrusions. Please understand that the intrusions is a mistake commonly used. The correct way would be dropped packets.

    See this thread>

    http://forum.zonelabs.org/zonelabs/b...message.id=104

    About Private Networks>

    http://en.wikipedia.org/wiki/Private_network

    About intrusions>

    http://forum.zonelabs.org/zonelabs/b...&message.id=78

    So you are safe and very secure.

    To remedy this try putting the DNS and DHCP servers (also gateway if it appears) as Trusted in the Zones of the firewall.

    1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted

    Do the same in any other home PC and enter their assigned IP also into the Zones of the Firewall as Trusted of the ZA in this particular PC.

    For more info about this see>

    http://www.donhoover.net/dnsdhcp.html

    http://support.microsoft.com/kb/314850/?sd=RMVP

    Also as a side note please make sure the localhost or loopback is listed as Trusted in the Zones of the Firewall. it has a address of 127.0.0.1

    Another side note is to have the Generic Host Process (svchost.exe) as three green bars and access for the Trusted and Internet Zones and with server rights for the Trusted Zone.

    This should remedy the entire problem and eliminate the alerts and set the ZA properly. Your fears are laid to rest.

    Oldsod

    Message Edited by Oldsod on 01-08-2007 10:09 PM
    Best regards.
    oldsod

  7. #7
    gcharlton Guest

    Default Re: High number of intrusion alerts

    That seems to have sorted the problem out - no more alerts since I followed your advice.
    Thanks,
    G

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •