Re: Port scanning?

From: Ilja Mäki (spam_at_illisoft.com)
Date: 10/28/03


Date: Tue, 28 Oct 2003 10:39:44 GMT

I am running both Zone Alarm and the XP firewall. Is that a good idea?

It seems that my IP address is a destination in the Zone Alarm log and a
source in the XP firewall log. The peer address is a source in Zone Alarm
and a destination in XP firewall, correspondingly. I did not realize that
relation between the logs because Zone Alarm seems to only write a line in
the log when a port is opened while XP firewall also logs the port closure
event. Why is it that way?

Zone Alarm tells me that the protocol used in those events is ICMP and Type
is Firewall. Is it normal that someone tries to ping my computer about once a
minute from different IP addresses? Should I be worried? So far Zone Alarm
has blocked those requests.

I cleared the Program Control list in Zone Alarm in order to initiate the
traffic control. After a couple of minutes a process named "Generic Host
Process for Win32 Services" tried to establish an outgoing connection to
some IP address at port 53. I denied that. As far as I know that process is
some basic process in Windows XP and I should allow it to establish network
connections in order to be able to use the network at all, am I right? But
why did it try to establish a connection when I did not do anything?

Anyway, now when I have disabled the network access of that process, the
only port opened and closed according to the XP firewall log file is UDP
port 137. I guess I should allow the network access for the generic host
process again in order to get tracking the port scanning effect I was
initially talking about.

Illi

"Kevin Boyle" <idontlikespam@respondtothread.com> wrote in message
news:O7H%23PjMnDHA.2848@TK2MSFTNGP10.phx.gbl...
> Try installing zone alarm (it will offer better protection anyway) but to
> solve your problem it will ask you each time a program goes to access the
> internet and tell you what that program is, should help you track down your
> source.
>
>


