Re: ZoneAlarm Security Alert - My own ISP?

Mr. Arnold wrote:
"Marshall Price" <d021317c@xxxxxxxxx> wrote in message
I often get alerts like this:

ZoneAlarm Security Alert
The firewall has blocked Internet access to your computer (NetBIOS
Session) from
( (TCP Port 3436) [TCP Flags: S].

Since the city name embedded therein is often my own (Miami), and I'm a
dial-up user, I suspect these might be coming from Earthlink, my own ISP.

How can I determine whether they are from Earthlink and whether to let
them through? What about other NetBIOS Session alerts?

Well, if you have a computer that has a direct connection to the modem,
which is a direct connection to the Internet, then you remove Client for MS
networks and MS File and Print sharing off of the NIC (network interface
card) or the dial-up connection, and the NetBios ports are closed. The
computer cannot network with other computers. The computer shouldn't have
the ability to network with other computers while the computer has a direct
connection to the Internet (no router between) the computer and the

I'm not sure I understand, but I think you're saying that if all the
following conditions were met, they would present a vulnerability:

+ Connected to the Internet through a NIC (via ethernet)
+ NetBIOS enabled on that NIC
+ Client for MS Networks enabled
+ MS File and Print sharing enabled
+ Certain ports open


Also, I assume that for routine uses -- http, mail (including IMAP),
news, telnet, rlogin, etc. -- "networking" (which I don't quite
understand) with other computers (including my ISP's computers) is
neither necessary nor desirable. Is that right?

If I click on "Don't show this dialog again," will I stop seeing all
security alerts? Should I?

It doens't matter when the ports are closed to begin with, because an attack
cannot be initiated on the ports when they are closed.

Is port 445 a TCP port, or some other kind of port?

Each of these alerts indicates a TCP port (never the same one), but I
assume they refer to ports my ISP's computers are using for output, not
which ports they're addressed to on my computer.

I haven't seen port 445 among them, anyway, but I would like to find out
whether it's blocked.

Incidentally, I just received a rash of these alerts. Are they likely to
be initiated by Earthlink, or could they be coming from somebody who
read my post in this newsgroup and wants to have a bit of fun?

Marshall Price of Miami
Known to Yahoo as d021317c

Relevant Pages

  • Re: Zone Labs Pro question
    ... NetBIOS is disabled but I'm still getting ... Can you tell me how I block outgoing TCP on ports ... > alerting function in the pro version allows for various levels of alerts. ...
  • Re: Zone Labs Pro question
    ... That is the NetBios naming service. ... function in the pro version allows for various levels of alerts. ... IRC components will usually be calling out to destination ports between ...
  • Re: NETBIOS_DGM & NETBIOS_NS probe by my ISP
    ... > it comes to the morning I see that my d/l have stopped and my internet ... > connection is dead, so I run ipconfig to check my IP, it looks ok, but no ... > As someone who knows nothing about firewalls and netbios, ... intentionally block those ports from any computer except computers YOU own. ...
  • Re: Audited an ISA 2000 - part I
    ... > and found the following ports opened, ... > The external scan, i.e., scanning the server from the internet, which ... > 139 (NETBIOS Session Service) ... > appears on the external interface.) ...
  • Re: Ports to block to prevent malicious attacks
    ... Ports come in clusters related to services. ... UDP 137 ... NetBIOS supports file and printer sharing and the now infamous Messenger ... You don't need these ports on the Internet. ...