192.168.1.254DNS


Guest

Could anyone tell me what 192.168.1.254DNS refers to? It was denied by Zone
Alarm. Could this be a dangerous sign of an attack?

Thanks for any help!
 
From: "computerbuddy" <[email protected]>

| Could anyone tell me what 192.168.1.254DNS refers to? It was denied by Zone
| Alarm. Could this be a dangerous sign of an attack?
|
| Thanks for any help!

An internal, non-routable, private address 192.168.1.254

An attack ?

This is emanating from WITHIN a LAN.
 
computerbuddy said:
Could anyone tell me what 192.168.1.254DNS refers to? It was denied
by Zone Alarm. Could this be a dangerous sign of an attack?

I think it's a dangerous sign of a firewall trying to justify its
installation and possibly an upgrade fee.
 
From: "Robert Moir" <[email protected]>

|
| I think it's a dangerous sign of a firewall trying to justify its
| installation and possibly an upgrade fee.
|

:-)
 
David H. Lipman said:
From: "computerbuddy" <[email protected]>

| Could anyone tell me what 192.168.1.254DNS refers to? It was denied by Zone
| Alarm. Could this be a dangerous sign of an attack?
|
| Thanks for any help!

An internal, non-routable, private address 192.168.1.254

An attack ?

This is emanating from WITHIN a LAN.

Dave, thanks for the answer.

Call me a newbie! But now I am really confused. If a LAN offers shared
access to devices and applications, and no one but me is using the devices
and applications, it sounds a little strange. Am I wrong?

Maybe I'm not understanding the definition of a LAN. Could you give me your
definition, and if I am overreacting?

Thanks very much.
 
From: "computerbuddy" <[email protected]>


| Dave, thanks for the answer.
|
| Call me a newbie! But now I am really confused. If a LAN offers shared
| access to devices and applications, and no one but me is using the devices
| and applications, it sounds a little strange. Am I wrong?
|
| Maybe I'm not understanding the definition of a LAN. Could you give me your
| definition, and if I am overreacting?
|
| Thanks very much.

Your WAN IP address was ... 68.90.63.208
I would take a guess then that through SBC you have DSL.

Do you have a Cable/DSL Router or a DSL modem+router ?
 
David H. Lipman said:
From: "computerbuddy" <[email protected]>


| Dave, thanks for the answer.
|
| Call me a newbie! But now I am really confused. If a LAN offers shared
| access to devices and applications, and no one but me is using the devices
| and applications, it sounds a little strange. Am I wrong?
|
| Maybe I'm not understanding the definition of a LAN. Could you give me your
| definition, and if I am overreacting?
|
| Thanks very much.

Your WAN IP address was ... 68.90.63.208
I would take a guess then that through SBC you have DSL.

Do you have a Cable/DSL Router or a DSL modem+router ?

A router? I don't really know. I have the modem. I DO have SBC DSL,
though.
 
From: "computerbuddy" <[email protected]>


| A router? I don't really know. I have the modem. I DO have SBC DSL,
| though.

How many computers are connected to your SBC DSL Internet ?

What is the make and model number of the SBC provided DSL modem ?
 
computerbuddy said:
A router? I don't really know. I have the modem. I DO have SBC DSL,
though.

There is no network. There's one computer, one printer, and I'm the only
one using them. No ethernet.

The message from zl partly says:

ZoneAlarm prevented your computer from accessing port 53 on a DNS server
ZoneAlarm prevented your computer from sending a message to a remote
computer. No breach in your security has occurred.Your computer is safe.

ZoneAlarm blocked an outbound communication to a Domain Name Server. The
function of a Domain Name Server (DNS) is to convert a domain's IP address,
such as 207.25.71.28, into a recognizable name, such as www.cnn.com.

Sounds strange that my computer is sending a message to a remote computer!
(IF that is what the message is REALLY saying) Are there modems that are
being reported as not working correctly?
 
computerbuddy said:
ZoneAlarm prevented your computer from accessing port 53 on a DNS
server ZoneAlarm prevented your computer from sending a message to a
remote computer. No breach in your security has occurred.Your
computer is safe.

ZoneAlarm blocked an outbound communication to a Domain Name Server.
The function of a Domain Name Server (DNS) is to convert a domain's
IP address, such as 207.25.71.28, into a recognizable name, such as
www.cnn.com.

Sounds strange that my computer is sending a message to a remote
computer! (IF that is what the message is REALLY saying) Are there
modems that are being reported as not working correctly?

I've got to say it sounds totally normal to me. DNS is what translates a
human readable website address such as www.google.com into the string of
numbers that is actually used by computers to figure out how to send stuff
around the internet.

If you open a command line, and type IPCONFIG /ALL, what response do you
get?
 
computerbuddy said:
There is no network. There's one computer, one printer, and I'm the only
one using them. No ethernet.

The message from zl partly says:

ZoneAlarm prevented your computer from accessing port 53 on a DNS server
ZoneAlarm prevented your computer from sending a message to a remote
computer. No breach in your security has occurred.Your computer is safe.

ZoneAlarm blocked an outbound communication to a Domain Name Server. The
function of a Domain Name Server (DNS) is to convert a domain's IP address,
such as 207.25.71.28, into a recognizable name, such as www.cnn.com.

Sounds strange that my computer is sending a message to a remote computer!
(IF that is what the message is REALLY saying) Are there modems that are
being reported as not working correctly?

It's not strange that your computer is trying to request information
from a remote computer. The Internet works on IP addresses, but humans
work better with names such as www.microsoft.com. To translate between
the two we need to contact a Domain Name Server to do the translation,
as the message shows.

The strange thing is that ZoneAlarm is apparently trying to block this
traffic.

Other times that your computer connects to another computer is when you
connect to your ISP to get mail or send mail.

Cheers,

Cliff
 
Enkidu said:
It's not strange that your computer is trying to request information
from a remote computer. The Internet works on IP addresses, but humans
work better with names such as www.microsoft.com. To translate between
the two we need to contact a Domain Name Server to do the translation,
as the message shows.

The strange thing is that ZoneAlarm is apparently trying to block this
traffic.

Other times that your computer connects to another computer is when you
connect to your ISP to get mail or send mail.

Cheers,

Cliff

Yes, I get the message even before I try to connect to the internet, then
about every hour or so after that, connected or not.

I have checked my start-up programs, and the zone alarm programs, and can't
see anything wrong. But I don't think I know what I am looking for.

It doesn't seem normal to me either...
 
From: "computerbuddy" <[email protected]>


|
| Yes, I get the message even before I try to connect to the internet, then
| about every hour or so after that, connected or not.
|
| I have checked my start-up programs, and the zone alarm programs, and can't
| see anything wrong. But I don't think I know what I am looking for.
|
| It doesn't seem normal to me either...

Robert asked you to post the results of running IPCONFIG /ALL...

Where is it ?
 
David H. Lipman said:
From: "computerbuddy" <[email protected]>


|
| Yes, I get the message even before I try to connect to the internet, then
| about every hour or so after that, connected or not.
|
| I have checked my start-up programs, and the zone alarm programs, and can't
| see anything wrong. But I don't think I know what I am looking for.
|
| It doesn't seem normal to me either...

Robert asked you to post the results of running IPCONFIG /ALL...

Where is it ?

This is the message I received after IPCONFIG/ALL command:
Windows IP configuration
An internal error occurred: The request is not supported. Contact
Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
 
David H. Lipman said:
From: "computerbuddy" <[email protected]>


|
| Yes, I get the message even before I try to connect to the internet, then
| about every hour or so after that, connected or not.
|
| I have checked my start-up programs, and the zone alarm programs, and can't
| see anything wrong. But I don't think I know what I am looking for.
|
| It doesn't seem normal to me either...

Robert asked you to post the results of running IPCONFIG /ALL...

Where is it ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Sorry, I left out the space. Let me try again.
 
The command is ipconfig /all (notice the space *before* /all). Did you have
the space there?
 
Yes, now I have it, thanks.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : MYCOMPUTER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-E0-18-5B-A0-AB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Thursday, July 20, 2006 5:53:00 PM
Lease Expires . . . . . . . . . . : Friday, July 21, 2006 5:53:00 PM
 
From: "computerbuddy" <[email protected]>

< snip >

| Physical Address. . . . . . . . . : 00-E0-18-5B-A0-AB
| Dhcp Enabled. . . . . . . . . . . : Yes
| Autoconfiguration Enabled . . . . : Yes
| IP Address. . . . . . . . . . . . : 192.168.1.64
| Subnet Mask . . . . . . . . . . . : 255.255.255.0
| Default Gateway . . . . . . . . . : 192.168.1.254
| DHCP Server . . . . . . . . . . . : 192.168.1.254
| DNS Servers . . . . . . . . . . . : 192.168.1.254
| Lease Obtained. . . . . . . . . . : Thursday, July 20, 2006 5:53:00 PM
| Lease Expires . . . . . . . . . . : Friday, July 21, 2006 5:53:00 PM

Well there 'ya go...

You are using a modem+Router ( I believe I asked you to post the make and model )

The PC address is 192.168.1.64 and the Router is 192.168.1.254.

The Router is port-forwarding DNS requests and ZA is confused. Allow it to occur as a
rule and tell the software not to bother you about it anymore.
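
Added example, not part of any post in this thread: a Python version of the check made by eye in the reply above, comparing the alert's destination (192.168.1.254, port 53) with the posted ipconfig /all values. The function names and result strings are assumptions for illustration, and the sample input is constructed from the output posted in the thread.

```python
import ipaddress
import re

# Constructed sample: adapter values copied from the ipconfig /all output in the thread.
IPCONFIG = """\
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
"""

ROLES = ("Default Gateway", "DHCP Server", "DNS Servers")


def parse_ipconfig(text):
    """Return {field: value} for 'Name . . . : value' lines (one value per field)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)[\s.]*:\s*(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def triage_alert(dest_ip, dest_port, cfg):
    """Classify a blocked outbound connection against the host's own settings."""
    dest = ipaddress.ip_address(dest_ip)
    lan = ipaddress.ip_network(
        f"{cfg['IP Address']}/{cfg['Subnet Mask']}", strict=False)
    roles = [r for r in ROLES if cfg.get(r) == dest_ip]
    if dest_port != 53:
        return "out of scope: not a DNS alert"
    if "DNS Servers" in roles:
        return "expected: configured DNS server (" + ", ".join(roles) + ")"
    if dest in lan:
        return "review: DNS to a LAN host that is not the configured resolver"
    return "review: DNS to a resolver outside the LAN and not in ipconfig"


if __name__ == "__main__":
    cfg = parse_ipconfig(IPCONFIG)
    print(triage_alert("192.168.1.254", 53, cfg))
```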
 
computerbuddy said:
Yes, now I have it, thanks.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : MYCOMPUTER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-E0-18-5B-A0-AB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Thursday, July 20, 2006 5:53:00 PM
Lease Expires . . . . . . . . . . : Friday, July 21, 2006 5:53:00 PM

See Robert Moir's post about upgrade fees. You are seeing perfectly normal
network traffic. Turn off the alerts in Zonealarm.
 
computerbuddy said:
Yes, now I have it, thanks.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>IPCONFIG /ALL

Windows IP Configuration

Host Name . . . . . . . . . . . . : MYCOMPUTER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-E0-18-5B-A0-AB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Thursday, July 20, 2006 5:53:00 PM
Lease Expires . . . . . . . . . . : Friday, July 21, 2006 5:53:00 PM

So, does anyone see anything wrong with the log? Another alert now stated the problem as being with "Program: Generic Host Process for Win32 services"

Does that help pinpoint anything?

Thanks for any information!
 
