-
February 8th, 2002, 08:50 AM
#1
Junior Member
newbie firewall question
I am running zone alarm on my pc. When I log onto my isp (and at random times while I'm online) it notifies me of a block. It states it has stopped router traffic from 64.66.193.81 to 224.0.013 and also 64.66.193.77 to 224.00.13. Is someone attempting to spy on me or what's going on?
-
February 8th, 2002, 12:43 PM
#2
Well..... You can do a whois on the IPs you supplied....Here's the result....
Code:
whois whois.arin.net 64.66.193.81:
Pac-West Telecomm, INC. (NETBLK-MDSG-PACWEST)
1776 W. March Lane, Suite 250
Stockton, CA 95207
US
Netname: MDSG-PACWEST
Netblock: 64.66.192.0 - 64.66.223.255
Maintainer: PWTI
Coordinator:
Pac-West Telecomm Inc. (ZP86-ARIN) ipadmin@mdsg-pacwest.com
1-800-722-9378
Domain System inverse mapping provided by:
NS1.MDSG-PACWEST.COM 64.66.192.20
NS2.MDSG-PACWEST.COM 64.66.192.21
NS4.MDSG-PACWEST.COM 63.93.96.21
NS6.MDSG-PACWEST.COM 63.93.64.21
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 17-Dec-2001.
Database last updated on 7-Feb-2002 19:56:45 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Well... First of all... Do you have a network running? And second of all... This could be just your ISP trying to ping you.... But I never saw an IP range that big for an ISP...It could be a trojan or an attack (DoS) depending on if your computer is connected to a big network...
-
February 8th, 2002, 04:21 PM
#3
Well...I haven't had time to look into this in detail yet, but at first glance I noticed this is multicast traffic based on the 224.x.x.x IP address. It is possible it could be a misconfigured router at the ISP, but like I said...I have not done enough analysis yet to tell you for sure. Due to the nature of multicast traffic, I definitely do not think it is someone trying to target you specifically. Since there is a dest address of 224.0.0.0 the traffic you are seeing is not even specifically intended for you, so I would not even worry about it.
I will keep you updated
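The point made in post #3, that a multicast destination means the packet was not addressed to one host, can be checked mechanically. The following is an added example, not part of the original thread: it sorts blocked-packet alerts by destination class. `MY_IP`, the `ALERTS` pairings and the `triage`/`summarize` names are assumptions constructed for illustration; the second alert keeps the destination exactly as it was typed in post #1 to show how a hand-copied address fails to parse.

```python
import ipaddress
from collections import Counter

# 224.0.0.0/24 is IANA's Local Network Control Block. Routers do not forward
# it, so a packet addressed there went to every listener on the local
# segment rather than to one chosen host.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def triage(src, dst, my_ip):
    """Classify one blocked-packet alert by where the packet was addressed."""
    try:
        ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        me = ipaddress.ip_address(my_ip)
    except ValueError:
        # For example an address copied by hand with a missing dot.
        return "unparseable"
    if dst_ip == me:
        return "unicast-to-host"          # the only class aimed at this machine
    if dst_ip == LIMITED_BROADCAST:
        return "broadcast"
    if dst_ip in LOCAL_CONTROL:
        return "link-local-multicast"     # routing-protocol chatter on the segment
    if dst_ip.is_multicast:
        return "multicast"
    return "other"

def summarize(alerts, my_ip):
    """Count alerts per destination class."""
    return Counter(triage(src, dst, my_ip) for src, dst in alerts)

MY_IP = "192.0.2.10"  # assumed address of the protected PC (documentation range)

# Constructed sample alerts as (source, destination) pairs.
ALERTS = [
    ("64.66.193.81", "224.0.0.0"),    # destination as given in post #3
    ("64.66.193.77", "224.0.013"),    # destination as typed in post #1
    ("64.66.8.35", MY_IP),            # constructed pairing: a direct hit
    ("198.51.100.7", "239.1.2.3"),    # constructed: routable multicast group
]

if __name__ == "__main__":
    for src, dst in ALERTS:
        print(f"{src:>15} -> {dst:<15} {triage(src, dst, MY_IP)}")
```

Only alerts classed `unicast-to-host` are worth correlating with `netstat` output or a whois lookup of the source.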
-
February 8th, 2002, 05:24 PM
#4
Junior Member
Make sure you have the most recent version of Zonealarm. The first versions were plagued with nuisance alarms, most likely resulting only from pings. Later versions seem to be less sensitive to this. One thing that could be causing the contact alarms could be "bots" that are auto scanning a range of ip addresses looking for open connections too.
-
February 8th, 2002, 09:07 PM
#5
Or uninstall that POS and load Sygate's. It's much better.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
February 8th, 2002, 09:27 PM
#6
I personally like Tiny Personal Firewall though... I had a problem with WinXP and Sygate....my network performance was very slow, and it dropped packets even when I told it to allow all. Could be just me though.
I didn't feel like messin' with it, so I just used Tiny. Works great!!
http://www.tinysoftware.com
-
February 8th, 2002, 10:16 PM
#7
Senior Member
I like zone alarm pro and black ice. I also liked Norton's Internet Security. They all trapped things and passed my own self-inflicted scenarios.
Spottedpony's point about making sure you have the latest and greatest is right on the money.... not only for Zone Alarm, but for any f/w app you use.
When you get those kinds of messages check what ports are open on your pc by using {netstat -a -n} ... you may need to go to the tutorials to learn what that does and to understand the output.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
Noah built the ark BEFORE it rained.
http://ld.net/?rn
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
-
February 8th, 2002, 10:27 PM
#8
Well...if your firewall is blocking the connection...you will not see anything by doing a 'netstat'
Also...the latest and greatest is not always the best...but it is good that some people like to install software as soon as it comes out and be the guinea pigs for those of us who don't want to f**k up our machines because the developer never tested the software before it was released. I like to stay a little bit behind the curve for the most part on my production machines. If it is a box I don't care about though...I have stuff the day it comes out. I have had way too many experiences over the years with "new" software updates completely messin' up my machine.
Of course it's not good to be on the other side of the fence with security products, and wait too long to apply updates. Then you just become vulnerable.
But...if it ain't broke....don't fix it.
-
February 8th, 2002, 11:46 PM
#9
To go back to your question squall75, other than what has been suggested here it may also be a site you were just at trying to "reconnect" to you.
Check your logs, compare them with your history list.
Trappedagainbyperfectlogic.
-
February 9th, 2002, 08:34 AM
#10
Junior Member
I was just potentially attacked tonight as well by 64.66.8.35. This time it was by a Curtis Coleman from 4D.net (info found by using WS_PingProPack).
Any ideas?
Of course he realizes, this means war.
Bugs Bunny