Odd Zone Alarm Alerts

[Jan Il]

Hi All - WinME

I have the free version of Zone Alarm, and I have been getting several Zone
Alarm Alert Advisors the past three days.
The advisor itself states that "

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

However, they are not all the same, of course, that would be much too easy.
<g>

When I click on More Info, it takes me to a website that basically tells me
what is happening, but, not by what/whom or why.

I got two day before yesterday, three yesterday, and already 4 this morning.
I have run all the AV scans (AVG, Trend Micro, House Call), Spybot, Adware,
etc. and the system is clean.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Best regards,
Jan

 

[Eric]

Hi All - WinME

I have the free version of Zone Alarm, and I have been getting several Zone
Alarm Alert Advisors the past three days.
The advisor itself states that "

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

However, they are not all the same, of course, that would be much too easy.
<g>

When I click on More Info, it takes me to a website that basically tells me
what is happening, but, not by what/whom or why.

I got two day before yesterday, three yesterday, and already 4 this morning.
I have run all the AV scans (AVG, Trend Micro, House Call), Spybot, Adware,
etc. and the system is clean.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Best regards,
Jan

It is just telling you that ZoneAlarm is doing it's job, I personally have
the alerts turned off or else you will get bugged to death by them. People
sometimes ping IP addresses for a host of different reasons, to find out if
anyone has a computer there, to try and break into a system to see what is
there (rare), and of course to try and break in and use the computer as a
tool for a Denial-of-Service-Attack (more common especially for always on
connections), such as what has happened to Microsoft's Domain Server
(probably everyday since it has been running). If you are really interested
in who is doing the pinging of your computer you can go to, I think it's,
www.whois.com and do a IP address search, which will tell you who owns that
particular IP address (not the actual user) sometimes they have a complaint
department that you can email to make the complaint.

Like I said though, I have personally turned off my alerts, as long as
ZoneAlarm is doing it's job, I don't care.

Good luck to you,

Eric

 

[Heather]

several
Zone

It is just telling you that ZoneAlarm is doing it's job, I personally have
the alerts turned off or else you will get bugged to death by them. People
sometimes ping IP addresses for a host of different reasons, to find out if
anyone has a computer there, to try and break into a system to see what is
there (rare), and of course to try and break in and use the computer as a
tool for a Denial-of-Service-Attack (more common especially for always on
connections), such as what has happened to Microsoft's Domain Server
(probably everyday since it has been running). If you are really interested
in who is doing the pinging of your computer you can go to, I think it's,
www.whois.com and do a IP address search, which will tell you who owns that
particular IP address (not the actual user) sometimes they have a complaint
department that you can email to make the complaint.

Like I said though, I have personally turned off my alerts, as long as
ZoneAlarm is doing it's job, I don't care.

Jan.......Eric is right. I get about 100 per hour (pings) due to some
virus or another (Blaster I think).....but I have the alert turned off
and I also do not log them as they all give my ISP's number.

I am using a 2.xxx Pro version, and having used the free one, I know you
never get an explanation of who or what it is......that is how they
tempt you to the pay version......grin.

Don't worry about it........as Eric says, it is doing the job and
keeping the intruders out. If you want to make sure you are stealthed,
go to Steve Gibson's site and check it out. Click on Shields Up at
http://grc.com/default.htm..... and read the information and check your
computer.

Cheers.......Heather

 

[Jan Il]

Hi ya Heather!

Jan.......Eric is right. I get about 100 per hour (pings) due to some
virus or another (Blaster I think).....but I have the alert turned off
and I also do not log them as they all give my ISP's number.

I am using a 2.xxx Pro version, and having used the free one, I know you
never get an explanation of who or what it is......that is how they
tempt you to the pay version......grin.

Don't worry about it........as Eric says, it is doing the job and
keeping the intruders out. If you want to make sure you are stealthed,
go to Steve Gibson's site and check it out. Click on Shields Up at
http://grc.com/default.htm..... and read the information and check your
computer.

Cheers.......Heather

I just wondered, as actually, I have not gotten but one or two alerts in all
the time I've had the ZA (about 3 mos.) and never in such a bunch. So, just
wanted to be cautious. Better to check and head them off at the pass if need
be than to try and clean up the mess later ;-))

'k..I'll just ignore them. But, I will visit the site you provided and check
it out. And the one Eric listed too. After all...that is what I do...what
I'm here for...look, listen and learn. And ..well...you know me....now and
then pester a few of the brave.<VBG>

Good to hear from ya again! <g>

Jan

 

[Jan Il]

Hi Eric!

Hi All - WinME

I have the free version of Zone Alarm, and I have been getting several Zone
Alarm Alert Advisors the past three days.
The advisor itself states that "

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

However, they are not all the same, of course, that would be much too easy.
<g>

When I click on More Info, it takes me to a website that basically tells me
what is happening, but, not by what/whom or why.

I got two day before yesterday, three yesterday, and already 4 this morning.
I have run all the AV scans (AVG, Trend Micro, House Call), Spybot, Adware,
etc. and the system is clean.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Best regards,
Jan

It is just telling you that ZoneAlarm is doing it's job, I personally have
the alerts turned off or else you will get bugged to death by them. People
sometimes ping IP addresses for a host of different reasons, to find out if
anyone has a computer there, to try and break into a system to see what is
there (rare), and of course to try and break in and use the computer as a
tool for a Denial-of-Service-Attack (more common especially for always on
connections), such as what has happened to Microsoft's Domain Server
(probably everyday since it has been running). If you are really interested
in who is doing the pinging of your computer you can go to, I think it's,
www.whois.com and do a IP address search, which will tell you who owns that
particular IP address (not the actual user) sometimes they have a complaint
department that you can email to make the complaint.

Like I said though, I have personally turned off my alerts, as long as
ZoneAlarm is doing it's job, I don't care.

Good luck to you,

Eric

Thank you for the information and the url. I will check it out to add
another source to feed my curious about these things.
I really do appreciate your time to help.

Jan

 

[Frans Meijer]

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

Open proxy according to openrbl.org - could be anyone proxying through
it. Or maybe a trojaned box.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

Could be someone scanning for ftp-servers with (anonymus) upload, to
distribute stuff they don't want to be traceable to theirselves.

 

[Bart Bailey]

In Message-ID:<QLDfb.43578$gv5.16813@fed1read05> posted on Sat, 4 Oct

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Go to [Alerts & Logs] - [Main], and check the bottom radio button.
The internet is replete with pings and probes, most of which you can
safely ignore when having ZA active.

I too use ZA free 3.7 and find it to be as effective as, and even more
intuitive than, the ATGuard I had to abandon when I went DSL.

 

[Bart Bailey]

In
Message-ID:<[email protected]>

I am using a 2.xxx Pro version, and having used the free one, I know you
never get an explanation of who or what it is......that is how they
tempt you to the pay version......grin.

Au Contraire Figgs:
Maybe you had the slide sections improperly spaced so as not to show
source IP, but it's there. I'm using the cheapskate version 3.7.
I have ZAP, just don't need all the reporting functions, and find it
clumsy. There is a supplemental program called "Zone Log Analyzer"
that interfaces very well with the freebie.
Check it out:
http://zonelog.co.uk/

 

[Heather]

In

Au Contraire Figgs:
Maybe you had the slide sections improperly spaced so as not to show
source IP, but it's there. I'm using the cheapskate version 3.7.
I have ZAP, just don't need all the reporting functions, and find it
clumsy. There is a supplemental program called "Zone Log Analyzer"
that interfaces very well with the freebie.
Check it out:
http://zonelog.co.uk/

Yep.....I see the source IP's, but I don't bother to check them out. I
used the freebie up till about 3 months ago....and it is every bit as
good as the pay version. I avoid 3.xxx as it plays havoc with System
Restore points in WinME. And I put the free version 4.0 on a couple of
computers for friends and find it a bit cumbersome.

I am one of those who doesn't log the pings or have the alert on. I
checked after I posted earlier and today seem to be getting between 100
and 150/hour allegedly from my own ISP.....huh? Blaster or SoBig I
guess. With cable you get bombarded!!

I do have the Zonelog Analyzer......but never bother with it. But
thanks for mentioning it. I was thinking of going back to the earlier
version of that one if I did use it.

Heading off to our favourite spot next week......Quebec City. Need a
break now that things have sorted themselves out on the home front.
Missed out on holidays this summer, so will take this week as a 'pretend
hot holiday'. (G).

Cheers.......Figgs

 

[Heather]

Yo Bart......guess my Zonelogs are a bit old.......1.00 and 1.15, grin.
I thought it went to a pay version a while back........

Top-posted with luv........Figgs

 

[FromTheRafters]

Hi All - WinME

I have the free version of Zone Alarm, and I have been getting several Zone
Alarm Alert Advisors the past three days.
The advisor itself states that "

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

However, they are not all the same, of course, that would be much too easy.
<g>

When I click on More Info, it takes me to a website that basically tells me
what is happening, but, not by what/whom or why.

I got two day before yesterday, three yesterday, and already 4 this morning.
I have run all the AV scans (AVG, Trend Micro, House Call), Spybot, Adware,
etc. and the system is clean.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Best regards,
Jan

I don't know about that specific type of request, but many
people have found that if the IP# they get assigned was being
used previously by a KaZaA (or other p2p network) user and
if the previous user of that IP# happened to be a supernode,
then there could be many clients of that supernode trying to re-
establish contact with it. Supernodes sort of cache a list of files
available from other KaZaA users so that queries need not
go all the way to where the file is stored.

Also some trojans listen on certain ports for requests. Someone
could be scanning a whole block of addresses just to see if any
listening trojans can be found. There are lists on the web of what
ports are commonly associated with what programs, so if you
find port scans you can look up the port number to see what
program *might* be associated with what you are seeing.

Most people just ignore these instances of "Internet Background
Noise" and turn off the firewalls alerts. You can look at the logs
later to see what kind of activity went on.

 

[Jan Il]

Hi Bart -

In Message-ID:<QLDfb.43578$gv5.16813@fed1read05> posted on Sat, 4 Oct

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch

for.

Go to [Alerts & Logs] - [Main], and check the bottom radio button.
The internet is replete with pings and probes, most of which you can
safely ignore when having ZA active.

I too use ZA free 3.7 and find it to be as effective as, and even more
intuitive than, the ATGuard I had to abandon when I went DSL.

Thank you. Done.

Jan

 

[Jan Il]

Hi Rafters -

Hi All - WinME

I have the free version of Zone Alarm, and I have been getting several Zone
Alarm Alert Advisors the past three days.
The advisor itself states that "

The firewall has blocked Internet access to your computer (FTP) from
80.116.246.80 (FPT) (TCP) Flags:
S].
Time: 10/3/2003 8:38:52 PM

However, they are not all the same, of course, that would be much too easy.
<g>

When I click on More Info, it takes me to a website that basically tells me
what is happening, but, not by what/whom or why.

I got two day before yesterday, three yesterday, and already 4 this morning.
I have run all the AV scans (AVG, Trend Micro, House Call), Spybot, Adware,
etc. and the system is clean.

I am not quite sure my take on this is correct. But, it would appear that
something is trying to get in. If something is going to lurk at my door, I'd
like to know if it is just a 'Peeping Tom', so to speak, or more serious
minded.

I would really appreciate it if someone could add a bit more light on this
activity if possible. At least I'd have a better idea of what to watch for.

Best regards,
Jan

I don't know about that specific type of request, but many
people have found that if the IP# they get assigned was being
used previously by a KaZaA (or other p2p network) user and
if the previous user of that IP# happened to be a supernode,
then there could be many clients of that supernode trying to re-
establish contact with it. Supernodes sort of cache a list of files
available from other KaZaA users so that queries need not
go all the way to where the file is stored.

Also some trojans listen on certain ports for requests. Someone
could be scanning a whole block of addresses just to see if any
listening trojans can be found. There are lists on the web of what
ports are commonly associated with what programs, so if you
find port scans you can look up the port number to see what
program *might* be associated with what you are seeing.

Most people just ignore these instances of "Internet Background
Noise" and turn off the firewalls alerts. You can look at the logs
later to see what kind of activity went on.

Ah...I see. I don't have, nor ever had, KaZaA, and I have little or no
experience with ZA, so, what with all the cave droppings out there, I accept
that it could be any 'ol bat thing. But....I just have one
question......who told it that is was getting close to Halloween, and to
start practicing it's version of Trick or Treat????? <sigh>

Thank you very much for the additional information, I really do appreciate
it.

Jan

 

[Bart Bailey]

In
Message-ID:<[email protected]>

Heading off to our favourite spot next week......Quebec City.

To visit Le Chateau Frontenac?
If you pass through Montreal on the way,
take a moment to stop by Lac Castor (Beaver Lake),
and burn a doob in my honor ;-)

 

[Heather]

In
Message-ID:<[email protected]
m>


To visit Le Chateau Frontenac?
If you pass through Montreal on the way,
take a moment to stop by Lac Castor (Beaver Lake),
and burn a doob in my honor ;-)

HAH!! Can't afford $300/night pour le Chateau......but got a good deal
at another one. We will be passing thru Montreal, but no doobs for this
old lady.....grin. Damn hippie!! I will look up on the map to see
where this lake is tho. Stopping in Gananoque overnight.....and then to
Vieux Quebec. Hope it warms up......about 50 here.

Figgs