Strange - all my programs want internet access.

[Chipmonk]

Well, most of them. I'm using Zone Alarm and programs such as Notepad, Help,
my mouse utility, Windows Explorer, etc. keep requesting Internet access
when I use them.

I'm thinking this is a configuration problem as Zone Alarm reports they're
trying to access IP 0.0.0.0NS. I do have a network card, but it's
disabled. I updated a couple of virus scanners, and they found nothing.

Any ideas?

PS. Should LMHOSTS be enabled on a stand-alone PC?

 

[Guest]

LMHosts is enabled by default

I would be suspicious

Try another Virus scanner with a full system scan.

 

[Chipmonk]

LMHosts is enabled by default.

I would be suspicious.

Try another Virus scanner with a full system scan.

I used the latest McAfee and F-Prot DAT files, but again, nothing even
suspicious showed up.

Is it normal for the Microsoft HTML Help Executable to open up a UDP port
when used? This is the 'browser' style MS help system with the *.chm file
type and yellow question mark icon. For example, if I have open the Services
control window and click its Help icon, Zone Alarm says it's trying to
connect to the Internet, and then this is what I see using TCPView:

MMC.EXE:324 UDP 127.0.0.1:1026 *:*
Is that normal?

Also, opening the Windows 'Find' utility (the one from the Start menu)
results in Windows Explorer attemping to open a port for DNS. The
destination IP is 0.0.0.0, but if I've already connected to my ISP, then the
destination IP is my ISP's DNS proxy server, and still the DNS port.

While Zone Alarm reports most of these programs as trying to connect to the
Internet when launched, only the HTML Help process seems to open up a port,
or at least - keeps the port open long enough for me to see (TCPView
refreshes once per second). The port closes when I terminate the Help
process.

I still think this is a system configuration problem. It's as if my computer
thinks it's on a network or something, and has difficulty resolving its
identity.

I tried the Microsoft Baseline Security Analyzer, but it requires the
'Server' and 'Workstation' services to be running. I don't seem to have them
services listed / installed. Anyway, when I launch the MS BLSA, it shows
"\*error*" as my computer name. Is that because I don't have the 2 required
services running, or a clue to what my configuration problem might be?

I should add that I previously had NetBIOS and DCOM ports 'listening', and
played around with the Services, Windows Components, Registry and Network
Connection settings a lot before finally getting all my ports closed. Some
time ago this machine had Internet Connection Sharing, although it and the
network card are now disabled. The only open ports I have after a reboot now
is System on TCP 1025, which seems normal to me.

Any suggestions?

 

[Steve Winograd [MVP]]

I used the latest McAfee and F-Prot DAT files, but again, nothing even
suspicious showed up.

Is it normal for the Microsoft HTML Help Executable to open up a UDP port
when used? This is the 'browser' style MS help system with the *.chm file
type and yellow question mark icon. For example, if I have open the Services
control window and click its Help icon, Zone Alarm says it's trying to
connect to the Internet, and then this is what I see using TCPView:

MMC.EXE:324 UDP 127.0.0.1:1026 *:*
Is that normal?

Also, opening the Windows 'Find' utility (the one from the Start menu)
results in Windows Explorer attemping to open a port for DNS. The
destination IP is 0.0.0.0, but if I've already connected to my ISP, then the
destination IP is my ISP's DNS proxy server, and still the DNS port.

While Zone Alarm reports most of these programs as trying to connect to the
Internet when launched, only the HTML Help process seems to open up a port,
or at least - keeps the port open long enough for me to see (TCPView
refreshes once per second). The port closes when I terminate the Help
process.

I still think this is a system configuration problem. It's as if my computer
thinks it's on a network or something, and has difficulty resolving its
identity.

I tried the Microsoft Baseline Security Analyzer, but it requires the
'Server' and 'Workstation' services to be running. I don't seem to have them
services listed / installed. Anyway, when I launch the MS BLSA, it shows
"\*error*" as my computer name. Is that because I don't have the 2 required
services running, or a clue to what my configuration problem might be?

I should add that I previously had NetBIOS and DCOM ports 'listening', and
played around with the Services, Windows Components, Registry and Network
Connection settings a lot before finally getting all my ports closed. Some
time ago this machine had Internet Connection Sharing, although it and the
network card are now disabled. The only open ports I have after a reboot now
is System on TCP 1025, which seems normal to me.

Any suggestions?

Install a sniffer program like Ethereal, capture network traffic, and
see what name(s) are being sent to the DNS server.

I once had a system that kept dialing into the Internet for no
apparent reason. Using Ethereal, I found that it was making DNS calls
for "sa.windows.com", which is apparently used by the Windows XP
"Search Assistant". Adding this line to the Hosts file fixed the
problem:

127.0.0.1 sa.windows.com
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Chipmonk]

Added:
[microsoft.public.windowsxp.configuration_manage]
[microsoft.public.windows.networking.firewall]
[microsoft.public.windowsxp.security_admin]

This thread seems to have dried up. Any more suggestions? Anything at all I
can try, anyone?


Original Message:
--------------------------------------------------------------
Well, most of them. I'm using Zone Alarm and programs such as Notepad, Help,
my mouse utility, Windows Explorer, etc. keep requesting Internet access
when I use them.

I'm thinking this is a configuration problem as Zone Alarm reports they're
trying to access IP 0.0.0.0NS. I do have a network card, but it's
disabled. I updated a couple of virus scanners, and they found nothing.

Any ideas?

PS. Should LMHOSTS be enabled on a stand-alone PC?
--------------------------------------------------------------

 

[Adm C]

I hate to suggest this, but you may just need to start over and
reformat/install from scratch to get the best settings. Zonealarm should
adequately protect your computer. You may have your ports scanned at
www.grc.com using his scanning site (Shields Up).

Closing all ports is not necessarily a good thing. When any Windows
component accesses "ports," it may very well be normal (in most cases it is,
especially Windows Explorer) although the software isn't really trying phone
home or anyone else.

C


Added:
[microsoft.public.windowsxp.configuration_manage]
[microsoft.public.windows.networking.firewall]
[microsoft.public.windowsxp.security_admin]

This thread seems to have dried up. Any more suggestions? Anything at all I
can try, anyone?


Original Message:
--------------------------------------------------------------
Well, most of them. I'm using Zone Alarm and programs such as Notepad, Help,
my mouse utility, Windows Explorer, etc. keep requesting Internet access
when I use them.

I'm thinking this is a configuration problem as Zone Alarm reports they're
trying to access IP 0.0.0.0NS. I do have a network card, but it's
disabled. I updated a couple of virus scanners, and they found nothing.

Any ideas?

PS. Should LMHOSTS be enabled on a stand-alone PC?
--------------------------------------------------------------