Re: ZoneAlarm: Need to identify the source of outgoing request




<cpurvis3@xxxxxxx> wrote in message
news:1143176041.726212.26350@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm running ZoneAlarm free version.

Every night (it seems) I have a few IPs that ZoneAlarm is successfully
blocking going out from my PC to port 80 of the following IPs (the
names I got from IP lookups):

63.211.66.76 Level 3 Communications, Inc
146.82.218.144 Global Crossing
69.31.88.54 nLayer Communications, Inc

It appears these hosts are all running AkamaiGHost.

The logs don't indicate which process or program is originating the
request - the log's Program column is always empty.

How can I determine where/what application originated these requests?
Should I allow them through?

The fact that I can't see which program/process may be associated with
the outgoing attempts - could this be because I'm using the free
version (not the pro version)?
...thanks for your help!
P.S. - I have antivirus sw (from ZoneAlarm) - there's no indication
it's some kind of a virus.


When you are able to see what program it is that's making the connection
with tools like Active Ports or TCPView, that program may not actually be
the program that's wanting the access, and you must drill down or look inside
a running process to see what's running with the process and using it.

Process Explorer will allow you to see what programs are using a given
process.

PE Menu/View/Show Lower Pane/Show all DLLs will show you everything that's
running with a process.

You select a process in the upper pane and right-click Properties and get
more info about the running process.

You can right-click a line in the lower pane too.

PrcView (free; use Google) does the same thing as PE.

Long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Short
http://tinyurl.com/klw1

Duane :)
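
Added example, not part of Duane's post: on current Windows the same two steps (find the process that owns the connection, then look inside it) can be scripted in PowerShell. It assumes Windows 8 / Server 2012 or later for `Get-NetTCPConnection` and an elevated session; the addresses and port are the ones from the original question.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Addresses and port are the ones listed in the original question.
$watch = '63.211.66.76', '146.82.218.144', '69.31.88.54'
$seen  = @{}   # PID:address pairs already reported

while ($true) {
    # Get-NetTCPConnection raises an error when nothing matches, so silence that case.
    $conns = Get-NetTCPConnection -RemotePort 80 -ErrorAction SilentlyContinue |
        Where-Object { $watch -contains $_.RemoteAddress }

    foreach ($c in $conns) {
        $id  = $c.OwningProcess
        $key = "${id}:$($c.RemoteAddress)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
        "{0:s}  {1} -> {2}:80  PID {3}  {4}  [{5}]" -f (Get-Date), $c.State,
            $c.RemoteAddress, $id, $proc.ProcessName, $proc.Path

        # A host process such as svchost.exe owns the socket on behalf of the
        # services running inside it, so list those services too.
        Get-CimInstance Win32_Service -Filter "ProcessId = $id" |
            ForEach-Object { "    service: $($_.Name) ($($_.PathName))" }

        # The "drill down" step: modules loaded in the process that live outside
        # the Windows directory, with their Authenticode signature status.
        try {
            $proc.Modules |
                Where-Object { $_.FileName -and $_.FileName -notlike "$env:SystemRoot\*" } |
                ForEach-Object {
                    $sig = Get-AuthenticodeSignature -FilePath $_.FileName
                    "    module:  $($_.FileName)  signature: $($sig.Status)"
                }
        } catch {
            "    modules: not readable ($($_.Exception.Message))"
        }
    }
    Start-Sleep -Milliseconds 500
}
```

Polling can miss an attempt that starts and ends between two passes, so leave it running across the window in which the firewall logs the attempts and treat an empty result as inconclusive.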

