newbie firewall question
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: newbie firewall question

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    20

    Question newbie firewall question

    I am running zone alarm on my pc. When i log ono my isp (and at random times while I'm online) it notifies me of a block. It states it has stopped router traffic from 64.66.193.81 to 224.0.013 and also 64.66.193.77 to 224.00.13. Is someone attemptiing to spy on me or what's going on?

  2. #2
    Banned
    Join Date
    Oct 2001
    Posts
    1,463
    Well..... You can do a whois on the IPs you supplied....Heres the result....
    Code:
    whois whois.arin.net 64.66.193.81:
    
    Pac-West Telecomm, INC. (NETBLK-MDSG-PACWEST)
       1776 W. March Lane, Suite 250
       Stockton, CA 95207
       US
    
       Netname: MDSG-PACWEST
       Netblock: 64.66.192.0 - 64.66.223.255
       Maintainer: PWTI
    
       Coordinator:
          Pac-West Telecomm Inc.  (ZP86-ARIN)  ipadmin@mdsg-pacwest.com
          1-800-722-9378
    
       Domain System inverse mapping provided by:
    
       NS1.MDSG-PACWEST.COM		64.66.192.20
       NS2.MDSG-PACWEST.COM		64.66.192.21
       NS4.MDSG-PACWEST.COM		63.93.96.21
       NS6.MDSG-PACWEST.COM		63.93.64.21
    
       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    
       Record last updated on 17-Dec-2001.
       Database last updated on  7-Feb-2002 19:56:45 EDT.
    
    The ARIN Registration Services Host contains ONLY Internet
    Network Information: Networks, ASN's, and related POC's.
    Please use the whois server at rs.internic.net for DOMAIN related
    Information and whois.nic.mil for NIPRNET Information.
    Well... First of all... Do you have a network running? And seconf of all... This coul;d be just your ISP trying to ping you.... But I neve saw an IP range that big for an ISP...It could be a trojan or an attack (DoS) deppending on if your computer is connected to a big network...

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Well...I haven't had time to look into this in detail yet, but at first glance I noticed this is multicast traffic based on the 224.x.x.x IP address. It is possible it could be a misconfigured router at the ISP, but like I said...I have not done enough analysis yet to tell you for sure. due to the nature of multicast traffic, i definately do not think it is someone trying to target you specifically. since there is a dest address of 224.0.0.0 the traffic you are seeing is not even specifically intended for you, so I woud not even worry about it.

    I will keep you updated

  4. #4
    Junior Member
    Join Date
    Feb 2002
    Posts
    2
    Make sure you have the most recent version of Zonealarm The first versions were plagued with nuisance alarms, most likely resulting only from pings. Later versions seem to be less sensitive to this. One thing that could be causing the contact alarms could be "bots" that are auto scanning a range of ip addresses looking for open connections too.

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Or uninstall that POS and load Sygate's. It's much better.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I personally like Tiny Personal Firewall though... I had a problem with WinXP and Sygate....my network performance was very slow, and it dropped packets even when I told it to allow all. Could be just me though.

    I didn't feel like messin' with it, so i just used Tiny. works great!!

    http://www.tinysoftware.com

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    157
    I like zone alarm pro and black ice. I also liked Norton's Internet Security. They all trapped things and passed my own self-inflicted scenarios.

    Spottedpony's point about making sure you have the latest and greatest is right on the money.... not only for Zone Alarm, But for any f/w app you use.

    When you get those kinds of messages check what ports are open on your pc by using {netstat -a -n} ... you may need to go to the tutorials to learn what that does and to understand the output.
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Well...if your firewall is blocking the connection...you not see anything by doing a 'netstat'

    Also...the latest and greatest is not always the best...but it is good that some people like to install software as soon as it comes out and be the guinea pigs for those of use who don't want to f**k up our machines because the developer never tested the software before it was released. I like to stay a little bit behind the curve for the most part on my production machines. If it is a box I don't care about though...I have stuff the day it comes out. I have had way too many experiences over the years with "new" software updates completely messin' up my mahine.

    Of course it's not good to be on the other side of the fence with security products, and wait too long to apply updates. Then you just become vulnerable.

    But...if it ain't broke....don't fix it.

  9. #9
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    to go back to your question squall75, other than what has been suggested here it may also be a site you were just at trying to "reconnect" to you.

    chk your logs, compare them with your history list.
    Trappedagainbyperfectlogic.

  10. #10
    Junior Member
    Join Date
    Dec 2001
    Posts
    20
    I was just postenially attacked tonite as well by 64.66.8.35. This time it was by a Curtis Coleman from 4D.net(info found by using WS_PingProPack)
    any ideas
    Of course he relizes, this means war.

    Bugs Bunny

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides