Re: Begginers basic questions, can someone help?

From: Calvin Crumrine (Calvin_Crumrine@dced.state.ak.us)
Date: 03/11/02 

From: Calvin Crumrine <Calvin_Crumrine@dced.state.ak.us>
Date: Mon, 11 Mar 2002 10:53:54 -0900

"news.bellatlantic.net" wrote:

> Zone alarm constantly requests permission for a program to access the
> internet. how am I supposed to know which are safe & which may be a Trojan
> program? Some are easy, but others I don't recognize.
>
> Also, I have gotten a number of messages that someone has attempted to
> access my computer but Zone alarm blocked access. Are these routine or does
> it truly signify someone trying to "hack" into my computer? I leave my DSL
> connection on all the time relying on Zone Alarm to protect me is this
> stupid & naive?

There's no easy way that I know of to identify which programs are safe to give
Internet access to and which are not. It's not too hard to tell that Trojan.exe
is malware but simple name-changing can defeat that. (Sort of like 'identifying'
terrorists at airports. If you could rely on them to use their true names then
the problem would be simple. Since they don't then there's no easy way.) A good
start is to build a list of ports known to be used by Trojans, then deny
anything trying to use those ports. That won't stop everything (some Trojans use
valid ports) but it's a start.

As for the port scans, they're probably not only meaningless but might be valid.
Many ISP's scan their own customers looking for violations of TOS-like running a
Web or FTP server. Those can be identified because they not only come from your
ISP but also because they probably come from the same addresses. Also they'll
probably only target 'normal' ports. Build a list of them so you can ignore
those-then concentrate on the others if you care. (As noted, many of the others
will be people scanning for file-sharing services. If you don't offer those
services I can't see why you would get repeated scans from the same addresses,
but then I don't use those services & don't know how they work. Maybe they're
really so inefficient that they scan everything every time.)

Relevant Pages

  • Re: Windows 2000 Firewall?
    ... My guess is that Zone Alarm is not configured ... make sure ports 80/443 have access to the internet and port 53 ... cat fight..Were do i close this ipsec ?..Thx and bye. ...
    (microsoft.public.win2000.security)
  • Re: Remore Activesync
    ... I do not know of a safe way to do this. ... router so the PC is accessible for specific ports to the internet. ... I have a broadband router and a Gateway PC running> WinXP. ...
    (microsoft.public.pocketpc.activesync)
  • Re: ZoneAlarm
    ... > Can anyone tell me how to stop zone alarm from checking every process that is running on my PC. ... I'm getting a lot of popups tell me this program or that program is trying to connect to the Internet. ... Would you mind providing a list of some such programs and ports they are trying to use? ... Those should sort out most of the nasties that are likely running on your system. ...
    (Security-Basics)
  • Begginers basic questions, can someone help?
    ... Zone alarm constantly requests permission for a program to access the ... internet. ... how am I supposed to know which are safe & which may be a Trojan ...
    (comp.security.firewalls)
  • Re: Mutilple domain names on SBS
    ... So maybe the SBS machine ... > connections and OWA because those ports might not be safe ... > NIC with internet connectivity. ...
    (microsoft.public.windows.server.sbs)