first potential securtity problem for my router. i was checking logs today for zonealarm which i have recently switched to from Norton. I like it a lot better and its less of a resource hog so all around its better. And theres logs. Well anyway, there were multiple blocked attempts from my computer trying to connect to other comps on my subnet. must of the attempts are to common ports (139 and 445, hmmm, that makes me think) and ips that arent shown on my router as being attached. the ips not being shown as attached on my router is the scary part. I use wep encryption and my password is 16 characters long upper and lowercase and numbers. the wep encryption is a 128 bit shared encryption key that is saved on one computer (mine) and written down. there is no one in range of the router with enough experience to attack it anyway, let alone want to. im thinking its via internet. It doesnt seem likely though, but its more likely than wirelessly. my isp is a nazi (i cant serve on any port with out their permission a.k.a pay them, they block everything) but they arent perfect. My router has a firewall (but if its been hacked how much benefit is that). i have avast free edition (ill end up subscribing soon) and i use microsoft antispyware for real time protection (not the best but its free real time) and ad-aware (which im planning on subscribing to soon) for scans. ZA told me to do a virus scan if the ips that the packets were being sent to were in fact not on my network so i did and the virus chest had 3 files in it. they were all system files (kernel32.dll, winsock.dll, and wsock.dll). it said they were transferred last week 12-9. i actually just reformatted my hard drive last weekend and reinstalled XP. are these really viruses or are they my system files? I have slackware linux as a partition though i use it rarely as im just learning and theres not much time to learn other than vacations what with school and all my extra curriculars. i use my laptop at school (use their network, servers and printers) but no one other than the admin and a really good friend of mine have enough experience to do anything and even they probably couldnt. i dont think its my comp just trying to connect to those servers because its a lot of different ips and i only use 2 maybe 3 servers at school. the other thing that just occured to me is that ZA shouldnt have blocked them (though im glad they did) because i set it to trust all ips on my subnet. i think it blocked it because it couldnt determine what program sent out the packet. the other thing is that it says it came from .8 which is my hard connection (ive been using that instead of wireless because of problems stated below).

my personal conclusion is that its either my router has been hacked via land line or i have some crazy virus or rootkit. the last two are what im leaning towards so im not sure if this is in the right category, ive attached the logs as .jpg i couldnt find the log files on my hard drive and dont really have time to look.


also, ive been having trouble connecting to my network recently, but only wirelessly and only locally. i thought it could be a driver problem or possibly microsoft's wireless network manager but i dont know, i updated the drivers and no change. when i go to advanced settings it always shows it as connected and indeed it is, i have a connection but it says its not and every once in a while it says it cant connect to the preffered wireless network and then im disconnected. sometimes the settings will actually just change randomly. the whole thing is driving me insane. every other computer in the house works fine except my older brothers computer for college which was configured by some nazi network administrator they have there (the computer has to connect to grove cities network, for a while it would add gcc as a workgroup on our network, it was really strange)