Re: ZoneAlarm block?

From: mac1 (mac1_at_nospam.com)
Date: 08/24/04 

Date: Tue, 24 Aug 2004 16:11:08 -0400

"N. Miller" <anonymous@discussions.microsoft.com> wrote in message
news:MPG.1b95317d1e1f7ffb98a377@msnews.microsoft.com...
> In article <XLKWc.15721$cx.2031@bignews4.bellsouth.net>, mac1 says...
>
> > Running WindowsXP, IE6, ZoneAlarm 5.1.011
>
> > Today I received an alert that read:
> > The fire wall has blocked internet access to 192.xxx.x.xxx (DNS) from
your
> > computer. (I've typed (x) instead of actual modem IP number.) Program
> > Generic Host Process for windows 32 Services
>
> I wish that you had made it 192.168.x.x. Or, 192.68.x.x. It makes a
> difference; only 192.168.0.0/16 is private, the rest is public. Oh, and if
> it was a private range, tell me why you think posting 192.168.1.1 is such
a
> threat to your privacy; there are certainly tens of thousands of networks
in
> the U.S. with that IP address. I'd guess that my 192.168.102.0/24 is more
> unique because it isn't the manufacturer's default. Oops...did I let a cat
> out of a bag? What good is it that you now know my LAN IP address?
>
> And it would help to know if that IP address was a WAN IP address (in the
> part of 192.0.0.0/8 up to the start of 192.168.0.0/16), or a LAN IP
address
> (within 192.168.0.0/16).
>
> Why is this distinction important? Your firewall blocked access from your
> computer ('localhost', or [127.0.0.1]) to some IP address; but was it a
> local request, or a remote request? Who knows? I won't endeavor to guess.
>
> > Not knowing if this is a virus, nor what to do if it was, opened the
> > "Program control" in ZoneAlarm and found that "Generic Host process
> > for windows 32 services" was listed in the program column.
>
> > Currently Under the "Access" column: Trusted and Internet each had a
check
> > mark Currently Under the "Server" column: Trusted and Internet each had
a
> > question mark
>
> > Below, in the entry detail box was the following information:
> > Product name: Microsoft Windows Operating System.
> > The file name: C:\Windows\System32\svchost.exe
>
> > My question is should I do about this alert. If its safe should I place
a
> > check mark under Trusted and Internet in the Server column.
>
> > Thanks for any clarification about the alert.
>
> I would trust any internal requests, as in traffic between to LAN
computers,
> or the LAN computer and the router. I've only seen shares, or LAN resource
> management activity on my LAN.
>
> But, since part of that 192.x.x.x that you failed to distinguish is
public,
> and because you might have an Internet connection from a provider issuing
> public IP addresses in that range, you might actually be seeing a DNS
> request to your provider's DNS service. That is also acceptable, and
> expected. That is how your system works to resolve a Fully Qualified
Domain
> Name (FQDN), the "friendly" name of a site (yahoo.com) into an IP address
> which it can use to actually send a request for packets.
>
> IOW, you gave us a lot of suppositions, and questions, but insufficient
> detail to offer a definitive description of what took place to make your
> program react as you described.
>
> --
Norman,

Unfortunately, one of the many problems of being a newbie is: I simply don't
have a clue about what is safe or not safe to post in a public forum. So, I
thought it best to err on the side of caution and list a partial IP address.
Had no idea that thousands of networks in the US had that IP address.

Addressing my initial post: The IP address in the alert did contain:
192.168.

So if you will, please overlook the ignorance, and the omission of pertinent
information you needed to answer my question. I've got a tremendous learning
curve ahead of me as I slowly gain knowledge about software and hardware I
know very little about.

Relevant Pages

  • Firewall/Redirection Issue
    ... I want to make a computer thats just connected to the LAN from making ... request for webpages outside of the LAN until certain parameters ... patches and then access the internet from the LAN. ...
    (microsoft.public.security)
  • Re: Question/Comment on Dynamic IP
    ... >of the LAN, and now know to look up the dynamic IP of the PPPOE in order to ... No, because your LAN is using IPs in the private range, and by ... definition these *cannot* be used over the internet. ... >service or changing my ISP service to a fixed IP. ...
    (microsoft.public.windowsmedia.encoder)
  • Re: ZoneAlarm block?
    ... only 192.168.0.0/16 is private, ... What good is it that you now know my LAN IP address? ... local request, or a remote request? ... > for windows 32 services" was listed in the program column. ...
    (microsoft.public.security.virus)
  • RE: Cant browse, cant ping, cant tracert?
    ... tried pinging yahoo.com after that and I get the Request timed out error. ... Have you tried flushing the DNS resolver cache? ... other machines on my lan that access the Internet ... dialup connection of the lan connection. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Remote assistance
    ... >> request file to point to the local IP of the machine behind the LAN ... >>> consists of 4 PCs and one of which I want to use for Remote Assistance. ... >>> At the moment I have set up a friends PC and connected it to my LAN so I ...
    (microsoft.public.windowsxp.general)