Re: ZoneAlarm Security Alert - My own ISP?



Mr. Arnold wrote:
"Marshall Price" <d021317c@xxxxxxxxx> wrote in message
news:13n4t87bs9qrjfb@xxxxxxxxxxxxxxxxxxxxx
I often get alerts like this:

-------
ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to your computer (NetBIOS
Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
(4.232.33.145) (TCP Port 3436) [TCP Flags: S].
-------

Since the city name embedded therein is often my own (Miami), and I'm a
dial-up user, I suspect these might be coming from Earthlink, my own ISP.

How can I determine whether they are from Earthlink and whether to let
them through? What about other NetBIOS Session alerts?

Well, if you have a computer that has a direct connection to the modem,
which is a direct connection to the Internet, then you remove Client for MS
networks and MS File and Print sharing off of the NIC (network interface
card) or the dial-up connection, and the NetBIOS ports are closed. The
computer cannot network with other computers. The computer shouldn't have
the ability to network with other computers while the computer has a direct
connection to the Internet (no router between the computer and the
Internet).

I'm not sure I understand, but I think you're saying that if all the
following conditions were met, they would present a vulnerability:

+ Connected to the Internet through a NIC (via ethernet)
+ NetBIOS enabled on that NIC
+ Client for MS Networks enabled
+ MS File and Print sharing enabled
+ Certain ports open

Right?

Also, I assume that for routine uses -- http, mail (including IMAP),
news, telnet, rlogin, etc. -- "networking" (which I don't quite
understand) with other computers (including my ISP's computers) is
neither necessary nor desirable. Is that right?

If I click on "Don't show this dialog again," will I stop seeing all
security alerts? Should I?

It doesn't matter when the ports are closed to begin with, because an attack
cannot be initiated on the ports when they are closed.
http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm

Is port 445 a TCP port, or some other kind of port?

Each of these alerts indicates a TCP port (never the same one), but I
assume they refer to ports my ISP's computers are using for output, not
which ports they're addressed to on my computer.

I haven't seen port 445 among them, anyway, but I would like to find out
whether it's blocked.

Incidentally, I just received a rash of these alerts. Are they likely to
be initiated by Earthlink, or could they be coming from somebody who
read my post in this newsgroup and wants to have a bit of fun?

--
Marshall Price of Miami
Known to Yahoo as d021317c
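An added example, not part of the original posts: a parser for the alert text quoted in this thread that extracts the reported host, address, port and TCP flags, then checks whether the reverse-DNS name falls under a given ISP domain. The function names, the second sample alert and the `earthlink.net` value passed in are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the alert quoted in the post plus one made-up alert.
SAMPLE_ALERTS = [
    """The firewall has blocked Internet access to your computer (NetBIOS
    Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
    (4.232.33.145) (TCP Port 3436) [TCP Flags: S].""",
    """The firewall has blocked Internet access to your computer (NetBIOS
    Session) from host-a.example.net (192.0.2.10) (TCP Port 4021) [TCP Flags: S].""",
]

ALERT_RE = re.compile(
    r"to your computer \((?P<service>[^)]+)\) from (?P<host>\S+) "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) \((?P<proto>TCP|UDP) Port (?P<port>\d+)\)"
    r"(?: \[TCP Flags: (?P<flags>[A-Z]+)\])?"
)
SERVICE_PORTS = {"NetBIOS Session": 139}  # standard port of the named service
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def parse_alert(text):
    """Return the alert's fields as a dict, or None if the text does not match."""
    m = ALERT_RE.search(" ".join(text.split()))  # undo line wrapping first
    if not m:
        return None
    d = m.groupdict()
    d["port"] = int(d["port"])  # port number printed in the alert
    d["service_port"] = SERVICE_PORTS.get(d["service"])
    d["flags"] = [FLAG_NAMES.get(f, f) for f in (d["flags"] or "")]
    # A lone SYN is the opening packet of a new connection, not a reply.
    d["new_connection_attempt"] = d["flags"] == ["SYN"]
    return d

def host_in_domain(host, domain):
    """True if the reverse-DNS name shown in the alert falls under `domain`."""
    host, domain = host.lower().rstrip("."), domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)

def summarize(alerts, isp_domain):
    """Count alerts per (source IP, service); collect IPs named under the ISP."""
    counts, isp_ips = Counter(), set()
    for a in filter(None, map(parse_alert, alerts)):
        counts[(a["ip"], a["service"])] += 1
        if host_in_domain(a["host"], isp_domain):
            isp_ips.add(a["ip"])
    return counts, isp_ips

if __name__ == "__main__":
    print(summarize(SAMPLE_ALERTS, "earthlink.net"))  # ISP domain is an assumption
```

A reverse-DNS name is set by whoever controls the address block, so the domain comparison is a first-pass hint and a WHOIS lookup on the address is the stronger check.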