ZoneAlarm Working Overtime
Thread Starter
Join Date: Nov 2002
Location: 39N 77W
Posts: 1,630
My ZoneAlarm (free) is working overtime blocking things.
I'm using a dialup connection.
It is blocking 2 or 3 items per minute trying to access ports 445 or 135, and many of these requests originate at my own ISP.
There are additional items from elsewhere that ZoneAlarm thinks are port scans.
When I disconnect, DLLs on my machine try to send two messages to black holes or .....
I'm surprised at all this busy-work which ZoneAlarm is faced with.
Ideas?
SC
Nice-but-dim
Join Date: Sep 2001
Location: Rural Yorkshire
Posts: 636
Hi Seacue.
To start with, I would suggest installation and scanning with Spybot. There is a lot of advice in the stickies in this forum with regard to nasties which might just be lurking on your system. A good online virus scan might also be good housekeeping before looking any further.
Everything is under control.
Join Date: Jul 2001
Location: Washington, D.C.
Posts: 435
I think that is good advice.
If you have further concerns, I suggest browsing the Forum section of the company's support area, and posting a question if your answer is not found. I have had quick responses from several volunteer gurus.
http://www.zonelabs.com/store/conten..._agreement.jsp
Thread Starter
Join Date: Nov 2002
Location: 39N 77W
Posts: 1,630
I forgot to mention that I have Spybot S&D, NortonAV, Panix PopUp Stopper and PopFile installed.
Spybot found just one AvenueA cookie.
Offhand, I don't see how spyware would cause my ISP to keep looking at ports 445 and 135/7/9.
Thanks for comments.
SC
Self Loathing Froggy
Join Date: Jun 2002
Location: elsewhere
Age: 18
Posts: 546
Not directly related, but my ADSL router has been getting a lot of probes to ports 12033 & 12037 (15-20/min), from different places since 18:00 UTC.
Nothing to worry about, I guess, but out of sheer curiosity, does anyone know what service it is? TIA
(Google didn't bring anything useful).
Join Date: Nov 2001
Location: 18nm N of LGW
Posts: 238
I suggest that you go to www.grc.com where you can get a few tests done on your machine. "Shields UP" is a great way to see if you have ports open and it will close them too. The site is used by some of the biggest names in IT.
Self Loathing Froggy
Join Date: Jun 2002
Location: elsewhere
Age: 18
Posts: 546
CamelPilot
Thanks, I've been there already, my router works as a firewall and all ports are shut and locked.
As already mentioned, it was just a matter of curiosity, I was just wondering if it was some kind of worm attack or some peer-to-peer stuff, inherited from the previous owner of the IP address (my ISP changes addresses quite often).
As it's gone today, I'd go for the peer-to-peer hypothesis.
Thread Starter
Join Date: Nov 2002
Location: 39N 77W
Posts: 1,630
I, too, just tried the grc test again. My machine is fully locked down and stealthed. At least the probes to ports 135 and 139 were explained by grc .... but not why my ISP would try to access them.
SC
Cunning Artificer
Join Date: Jun 2001
Location: The spiritual home of DeHavilland
Age: 76
Posts: 3,127
Blackice does the same on my PC - a never-ending storm of probes scanning odd ports. They seem to be random searches for http servers and back door programs together with attempts to either place the Slammer Worm onto my machine or find out if it's already there.
I lost touch with the kind gentleman on this Forum who fixed CoolWebSearch for me, but that's a bitch of an infection if you ever get it. Firewalls don't block CoolWebSearch because it comes in directly from the web page, buried in the script. To keep it out you have to keep your IE6 browser updated as well as doing regular scans for any existing infection that may have sneaked in between updates. I don't know if other browsers can keep it out.