Re: ZoneAlarm Security Alert - My own ISP?
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Thu, 27 Dec 2007 14:02:04 -0600
On Wed, 26 Dec 2007, in the Usenet newsgroup comp.security.firewalls, in article
<13n4t87bs9qrjfb@xxxxxxxxxxxxxxxxxx>, Marshall Price wrote:
I often get alerts like this:
-------
ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to your computer
Brave Firewall!!! Good Firewall!!! Well Done!!!
(NetBIOS Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
(4.232.33.145) (TCP Port 3436) [TCP Flags: S].
Some luser's windoze box looking to see if you want to share.
Since the city name embedded therein is often my own (Miami), and I'm a
dial-up user, I suspect these might be coming from Earthlink, my own ISP.
No, they're coming from a "Point Of Presence" provider - it could be
any number of actual ISPs. This is why when you are dialing in, you
are required to identify yourself not only by "username", but by
"username@xxxxxxxx" so they know which list of usernames to look at.
How can I determine whether they are from Earthlink
As usual, the Level 3 rwhois server isn't allowing remote access, but
in theory you might send mail to abuse@xxxxxxxxxxx You'll probably only
get an auto-response from their ignore-bot.
and whether to let them through?
Do you want to share your system with this unknown person/zombie?
What about other NetBIOS Session alerts?
See that your computer is not configured to share anything/everything
with any/everyone. Microsoft copied the idea of the UNIX command
"netstat" which shows what ports are open on your computer. I got rid
of windoze before they invented the network (or what-ever they're
claiming now), but other posters have suggested
C:\ netstat /an in a DOS window
C:\ netstat /ano for winXP
The original command on a *nix box would show
[compton ~]$ netstat -anptu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
[compton ~]$
Here, the box has exactly one port "open" and in fact it's actually
restricted to allow connections from only ~4300 addresses in the entire
world.
If I click on "Don't show this dialog again," will I stop seeing all
security alerts? Should I?
Sorry - I don't use windoze. Personally, I don't bother wasting CPU
cycles having the firewall tell me it blocked access to a closed port.
They didn't get in, and there is little you can do to get them to stop
trying (there really isn't an Internet Police Force, and most "abuse@"
complaints are ignored), so what else are you going to do? See that
your box isn't offering services to anyone you don't specifically want
to have access, and don't worry about it.
Old guy
.
- Follow-Ups:
- Re: ZoneAlarm Security Alert - My own ISP?
- From: Mr. Arnold
- Re: ZoneAlarm Security Alert - My own ISP?
- References:
- ZoneAlarm Security Alert - My own ISP?
- From: Marshall Price
- ZoneAlarm Security Alert - My own ISP?
- Prev by Date: Re: Newsgroup filtering with host server software
- Next by Date: Re: Newsgroup filtering with host server software
- Previous by thread: Re: ZoneAlarm Security Alert - My own ISP?
- Next by thread: Re: ZoneAlarm Security Alert - My own ISP?
- Index(es):
Relevant Pages
|
