Re: ZoneAlarm block?
From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 08/24/04
- Next message: Chek: "Re: SP-2"
- Previous message: chaselink_at_aol.com: "SP-2"
- In reply to: mac1: "ZoneAlarm block?"
- Next in thread: mac1: "Re: ZoneAlarm block?"
- Reply: mac1: "Re: ZoneAlarm block?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Aug 2004 12:06:09 -0700
In article <XLKWc.15721$cx.2031@bignews4.bellsouth.net>, mac1 says...
> Running WindowsXP, IE6, ZoneAlarm 5.1.011
> Today I received an alert that read:
> The fire wall has blocked internet access to 192.xxx.x.xxx (DNS) from your
> computer. (I've typed (x) instead of actual modem IP number.) Program
> Generic Host Process for windows 32 Services
I wish that you had made it 192.168.x.x. Or, 192.68.x.x. It makes a
difference; only 192.168.0.0/16 is private, the rest is public. Oh, and if
it was a private range, tell me why you think posting 192.168.1.1 is such a
threat to your privacy; there are certainly tens of thousands of networks in
the U.S. with that IP address. I'd guess that my 192.168.102.0/24 is more
unique because it isn't the manufacturer's default. Oops...did I let a cat
out of a bag? What good is it that you now know my LAN IP address?
And it would help to know if that IP address was a WAN IP address (in the
part of 192.0.0.0/8 up to the start of 192.168.0.0/16), or a LAN IP address
(within 192.168.0.0/16).
Why is this distinction important? Your firewall blocked access from your
computer ('localhost', or [127.0.0.1]) to some IP address; but was it a
local request, or a remote request? Who knows? I won't endeavor to guess.
> Not knowing if this is a virus, nor what to do if it was, opened the
> "Program control" in ZoneAlarm and found that "Generic Host process
> for windows 32 services" was listed in the program column.
> Currently Under the "Access" column: Trusted and Internet each had a check
> mark.
> Currently Under the "Server" column: Trusted and Internet each had a
> question mark.
> Below, in the entry detail box was the following information:
> Product name: Microsoft Windows Operating System.
> The file name: C:\Windows\System32\svchost.exe
> My question is what should I do about this alert. If it's safe, should I place a
> check mark under Trusted and Internet in the Server column?
> Thanks for any clarification about the alert.
I would trust any internal requests, as in traffic between two LAN computers,
or the LAN computer and the router. I've only seen shares, or LAN resource
management activity on my LAN.
But, since part of that 192.x.x.x that you failed to distinguish is public,
and because you might have an Internet connection from a provider issuing
public IP addresses in that range, you might actually be seeing a DNS
request to your provider's DNS service. That is also acceptable, and
expected. That is how your system works to resolve a Fully Qualified Domain
Name (FQDN), the "friendly" name of a site (yahoo.com) into an IP address
which it can use to actually send a request for packets.
IOW, you gave us a lot of suppositions, and questions, but insufficient
detail to offer a definitive description of what took place to make your
program react as you described.
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint
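
The private/public distinction the reply above turns on, as an added example that is not part of the original message: it classifies a firewall alert's destination and shows why a masked address such as 192.xxx.x.xxx cannot be classified at all. The function names, the `resolvers` set and the sample addresses are assumptions; "public" here only means outside RFC 1918 and loopback, and other reserved ranges are not modelled.

```python
import ipaddress
from itertools import product

# RFC 1918 private ranges; everything else in 192.0.0.0/8 is outside them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def _octet_values(text):
    """A literal octet gives one value; a masked one ('x', 'xxx') gives all 256."""
    if text and set(text.lower()) == {"x"}:
        return range(256)
    value = int(text)  # ValueError on anything that is not a number
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {text!r}")
    return [value]

def _scope(addr):
    if addr in LOOPBACK:
        return "loopback"
    return "lan" if any(addr in net for net in RFC1918) else "public"

def classify(dest):
    """'lan', 'loopback', 'public', or 'indeterminate' when the masked octets
    could put the address on either side of a range boundary."""
    parts = dest.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dest!r}")
    first, second, _third, _fourth = [_octet_values(p) for p in parts]
    # All three private ranges and loopback are decided by the first two octets.
    scopes = {_scope(ipaddress.ip_address(f"{a}.{b}.0.0"))
              for a, b in product(first, second)}
    return scopes.pop() if len(scopes) == 1 else "indeterminate"

def triage(dest, port, resolvers):
    """resolvers: the DNS servers this host is configured to use (assumed known)."""
    scope = classify(dest)
    if scope == "indeterminate":
        return "cannot tell: need the unmasked address"
    if scope in ("lan", "loopback"):
        return "local traffic (LAN host or router)"
    if port == 53 and dest in resolvers:
        return "DNS query to the configured resolver"
    return "public destination: identify it before trusting"

if __name__ == "__main__":
    # Constructed inputs; 192.0.2.53 is a documentation address standing in
    # for a provider's resolver.
    for dest in ("192.xxx.x.xxx", "192.168.1.1", "192.68.1.1", "192.0.2.53"):
        print(dest, "->", triage(dest, 53, {"192.0.2.53"}))
```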