ZoneAlarm Working Overtime
Thread Starter
Joined: Nov 2002
Posts: 1,630
Likes: 0
From: 39N 77W
ZoneAlarm Working Overtime
My ZoneAlarm (free) is working overtime blocking things.
I'm using a dialup connection.
It is blocking 2 or 3 items per minute trying to access ports 445 or 135, and many of these requests originate at my own ISP.
There are additional items from elsewhere that ZoneAlarm thinks are port scans.
When I disconnect, DLLs on my machine try to send two messages to black holes or .....
I'm surprised at all this busy-work which ZoneAlarm is faced with..
Ideas?
SC
I'm using a dialup connection.
It is blocking 2 or 3 items per minute trying to access ports 445 or 135, and many of these requests originate at my own ISP.
There are additional items from elsewhere that ZoneAlarm thinks are port scans.
When I disconnect, DLLs on my machine try to send two messages to black holes or .....
I'm surprised at all this busy-work which ZoneAlarm is faced with..
Ideas?
SC
Nice-but-dim
Joined: Sep 2001
Posts: 640
Likes: 0
From: Rural Yorkshire
Hi Seacue. .
To start with, I would suggest installation and scanning with Spybot . There is a lot of advice in the sticky's in this forum with regard to nasties which might just be lurking on your system. A good online virus scan might also be good housekeeping before looking any further.
To start with, I would suggest installation and scanning with Spybot . There is a lot of advice in the sticky's in this forum with regard to nasties which might just be lurking on your system. A good online virus scan might also be good housekeeping before looking any further.
Everything is under control.
Joined: Jul 2001
Posts: 437
Likes: 0
From: Washington, D.C.
I think that is good advice.
If you have further concerns, I suggest browsing the Forum section of company's support area, and posting a question if your answer is not found. I have had quick responses from several volunteer gurus.
http://www.zonelabs.com/store/conten..._agreement.jsp
If you have further concerns, I suggest browsing the Forum section of company's support area, and posting a question if your answer is not found. I have had quick responses from several volunteer gurus.
http://www.zonelabs.com/store/conten..._agreement.jsp
Thread Starter
Joined: Nov 2002
Posts: 1,630
Likes: 0
From: 39N 77W
I forgot to mention that I have Spybot S&D, NortonAV, Panix PopUp Stopper and PopFile installed.
Spybot found just one AvenueA cookie.
Offhand, I don't see how spyware would cause my ISP to keep looking at ports 445 and 135/7/9.
Thanks for comments.
SC
Spybot found just one AvenueA cookie.
Offhand, I don't see how spyware would cause my ISP to keep looking at ports 445 and 135/7/9.
Thanks for comments.
SC
Self Loathing Froggy
Joined: Jun 2002
Posts: 546
Likes: 2
From: elsewhere
Not directly related, but my ADSL router has been getting a lot of probes to ports 12033 & 12037 (15-20/min), from different places since 18:00 UTC.
Nothing to worry about, I guess, but out of sheer curiosity, does anyone know what service it is ? TIA
(Google didn't bring anything useful).
Nothing to worry about, I guess, but out of sheer curiosity, does anyone know what service it is ? TIA
(Google didn't bring anything useful).
Joined: Nov 2001
Posts: 238
Likes: 0
From: 18nm N of LGW
I suggest that you go to www.grc.com where you can get a few tests done on your machine. "Shields UP" is a great way to see if you have ports open and it will close them too. The site is used by some of the biggest names in IT.
Self Loathing Froggy
Joined: Jun 2002
Posts: 546
Likes: 2
From: elsewhere
CamelPilot
Thanks, I've been there already, my router works as a firewall and all ports are shut and locked.
As already mentionned, it was just a matter of curiosity, I was just wondering if it was some kind of worm attack or some peer-to-peer stuff, inherited from the previous owner of the IP address (My ISP changes addresses quite often).
As it's gone today, I'd go for the peer-to-peer hypothesis.
Thanks, I've been there already, my router works as a firewall and all ports are shut and locked.
As already mentionned, it was just a matter of curiosity, I was just wondering if it was some kind of worm attack or some peer-to-peer stuff, inherited from the previous owner of the IP address (My ISP changes addresses quite often).
As it's gone today, I'd go for the peer-to-peer hypothesis.
Thread Starter
Joined: Nov 2002
Posts: 1,630
Likes: 0
From: 39N 77W
I, too, just tried the grc test again. My machine is fully locked down and stealthed. At least the probes to ports 135 and 139 were explained by grc .... but not why my ISP would try to access them.
SC
SC
Cunning Artificer
Joined: Jun 2001
Posts: 3,125
Likes: 7
From: The spiritual home of DeHavilland
Blackice does the same on my PC - a never ending storm of probes scanning odd ports. They seem to be random searches for http servers and back door programs together with attempts to either place the Slammer Worm onto my machine or find out if its already there.
I lost touch with the kind gentleman on this Forum who fixed CoolWebSearch for me, but thats a bitch of an infection if you ever get it. Firewalls don't block CoolWebSearch because it comes in directly from the web page, buried in the script. To keep it out You have to keep your IE6 browser updated as well as doing regular scans for any existing infection that may have sneaked in between updates. I don't know if other browsers can keep it out.
I lost touch with the kind gentleman on this Forum who fixed CoolWebSearch for me, but thats a bitch of an infection if you ever get it. Firewalls don't block CoolWebSearch because it comes in directly from the web page, buried in the script. To keep it out You have to keep your IE6 browser updated as well as doing regular scans for any existing infection that may have sneaked in between updates. I don't know if other browsers can keep it out.
