Results 1 to 6 of 6

Thread: Basic Firewall - how to identify the intrusion attempts (increasing number)

Hybrid View

  1. #1
    lasert Guest

    Default Basic Firewall - how to identify the intrusion attempts (increasing number)

    Hello,

    I have this increasing number of blocked IP adresses attempting to communicate (intrude) in my computer. I have no way to know what are. Do you know anyway I can identify them ?

    I am a µtorrent user and I don't know if some of the IPs that want to share torrents with me are blocked. Even if I verified it is considered safe by ZoneAlarm Firewall. All I know is that i noticed that the tranfert debit decreased for downloading. Is there anyway I can authorise the IP adresses from µtorrent while at the same time making sure all they do is downloading the shared torrent?

    Final question, I installed Malwarebytes Anti-Malwares in my computer in addition to ZoneAlarm. It seems MBAM sees connections attempts from µtorrent, that ZoneAlarm doesn't see, and block them. The IP adress blocked by MBAM varies everytime.

    Any suggestion? Thank you very much

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,473

    Default Re: Basic Firewall - how to identify the intrusion attempts (increasing number)

    Hello;

    Right click the ZA icon near the clock --> about --> copy to clipboard --> paste it here.

    Depending on the ZA version used you may different steps to follow to better troubleshoot the issue.

  3. #3
    lasert Guest

    Default Re: Basic Firewall - how to identify the intrusion attempts (increasing number)

    Version ZoneAlarm Firewall Gratuit: 11.0.000.054
    Version Vsmon: 11.0.000.054
    Version du pilote: 11.0.000.026
    Version des protections de l’identité Web: 1.5.393.22


    Cheers

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: Basic Firewall - how to identify the intrusion attempts (increasing number)

    Hi!

    MBAM (licensed) has a black list of IPs (distributor of malware/sypware/etc). Everytime the P2P software tries to connect to those IPs MBAM jumps in.

    It will be very difficult to distinguish between solicited and unsolicited calls by P2P programs/machines. IPs/machines drops very often, PC on dynamic IPs changes very frequently. Normally what you see blocked by ZA are connection from P2P that are not anymore live, timedout, dropped, etc.

    Also consider that they are not intrusion just machine calling other machines without realising the machine is not anynmore there....

    If in your P2P software you can see which IPs you are connected to then you can check at the same time if you see the same been blocked by ZA. Its very risky to add those IPs to the ZA trusted zone as you will open up your firewall to any type of connection from that IP.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    lasert Guest

    Default Re: Basic Firewall - how to identify the intrusion attempts (increasing number)

    To fax :
    IPs/machines drops very often, PC on dynamic IPs changes very frequently. Normally what you see blocked by ZA are connection from P2P that are not anymore live, timedout, dropped, etc.
    Also consider that they are not intrusion just machine calling other machines without realising the machine is not anynmore there....
    So if for example I add a new torrent that involve the same sharing people, will they be blocked now by ZA or will they just have other IP adresses as they change dynamically? If I share a new torrent, ZA will automatically recognize the sharing IPs as real live IPs? And authorise them as they are handled by µtorrent?

    If in your P2P software you can see which IPs you are connected to then you can check at the same time if you see the same been blocked by ZA.
    Now I can't check because I have just stopped downloading with µtorrent since yesterday. So can I add these timedout/dropped in a black list of ZA so that I don't have all or them appearing in the main list of blocked IPs? Because it's kind of difficult to go through 6000 blocked IPs.

    Finally, is there something I can do from µtorrent that would prevent such things? (timedout/dropped IPs being contacted or trying to contact me)

    Thank you

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: Basic Firewall - how to identify the intrusion attempts (increasing number)

    Sorry if I was nor clear enough. You don't have to allow or block anything. ZA will automatically reject unsolicited calls and allow solicited ones.

    If you start blocking IPs then ZA will block it regardless if solicited or not and vice versa. And yes, its good you give up on torrent its a dangerous minefield, unless you only use that PC not for commercial, financial, banking transactions.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How do I stop Intrusion Attempts?
    By tomfru in forum Security Issues
    Replies: 4
    Last Post: March 7th, 2008, 07:30 AM
  2. Massive Intrusion Attempts
    By casar in forum Security Issues
    Replies: 1
    Last Post: September 18th, 2007, 06:29 AM
  3. High number of intrusion alerts
    By gcharlton in forum General - Questions that don't fit any other category
    Replies: 6
    Last Post: January 9th, 2007, 12:51 AM
  4. 0 intrusion attempts
    By mrlolaha in forum General - Questions that don't fit any other category
    Replies: 5
    Last Post: August 17th, 2006, 12:26 PM
  5. no intrusion attempts?
    By mcbond in forum General - Questions that don't fit any other category
    Replies: 4
    Last Post: April 19th, 2006, 06:37 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •