View Full Version : ZoneAlarm Alerts



30-09-2001, 04:35 PM
Hi. I have been following the posts replying to Sally Barnett and on checking my own logs I found some alerts that looked odd.

I have 3 Win2000 computers & 1 Win98 on a home network with a Nokia Ni500 for ADSL Internet access. Only the Win98 computer is full time on line, one Y2K is occasionally on and the other two are LAN-enabled as required (kids' homework computers). Both the regularly on-line computers have ZoneAlarm Pro installed.

The Y2K log was small at 14KB and some of the FWIN entries have a 0.0.0.0.68 IP address while others show the IP address of my Nokia modem as the source. Is this just the modem interrogating the computer? I also have a number of FWROUTE flags with the source being 66.33.46.57:80 and the destination address being the Win98 IP. What is FWROUTE?

The Win98 log was huge at 83KB and almost every entry was FWIN. A typical sample is below:

FWIN,2001/06/08,19:44:14 +12:00 GMT,194.129.29.4:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,194.129.39.101:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,66.24.243.207:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,193.121.105.76:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,216.217.116.250:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,209.12.218.239:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,209.12.218.246:0,210.54.114.121:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,209.12.218.238:0,210.54.114.121:0,ICMP

I also had a swag (several pages) of entries for Xtra's DNS over the last few days but I understand from another post that this was probably a glitch at Xtra.

With all this activity going on are there any extra precautions I should take? I assume that Zone Alarm is blocking all the nasties and whenever I remember I enable internet lock.

Jack

30-09-2001, 06:52 PM
...although this response does not directly answer your question - someone will be along shortly to do that - the following link provided by 'mr troll' [F.1 27/09/01 21:03:14] is well worth a visit:

http://www.samspade.org/d/firewalls.html

Cheers !!!

e_

30-09-2001, 08:26 PM
it sounds like you have used a prog that is looking for servers and they have replied back. nothing to worry about unless you've ok'ed a trojan of some sort. i usually don't worry about the alerts much unless i'm getting heaps from one ip. as for any more precautions ....probably none needed, just remember firewalls are pointless if explorer has a hole big enough to drive a truck through;-)

the sam spade article makes some good points (thx e_name i missed that post). there is really no way to make a system fully secure, given enough time and effort someone will get in. like locks on a door, firewalls etc just slow them down, and put off the try hards.
quote samspade-'If you'll feel safer sleeping at night knowing there's a 'personal firewall' running on your system, then install one. As long as you pay no attention to the 'hack attacks' it reports it's better than nothing. A free one, ideally, as few of them are worth paying for. Turn off all the alerts and logging - you'll just waste your time (and, more importantly to me, my time and the time of other network administrators your complaints go to) increase your blood pressure and provide no benefit to you. If you really want to leave them turned on and see where traffic is coming from, feel free, but remember that most of the traffic you see is harmless, and that even if it isn't harmless it can't affect your system (if it could, it wouldn't be logged). Oh, and try not to waste admins time with frivolous complaints.' EXACTLY

the catch 22 is that the ones who need firewalls the most are usually the ones who won't have one.
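
An added example, not part of any post in this thread: a small Python parser for log lines in the comma-separated layout of the sample quoted in the first post. It counts FWIN entries per source address (the "heaps from one ip" rule of thumb) and flags seconds in which several different sources hit the same destination, the pattern that sample shows. The field meanings are inferred from the sample; the function names, thresholds and addresses are constructed for illustration.

```python
import csv
from collections import Counter, defaultdict

# Constructed sample in the layout of the FWIN lines quoted above
# (documentation-range addresses, not taken from the thread).
SAMPLE = """\
FWIN,2001/06/08,19:44:14 +12:00 GMT,192.0.2.10:0,203.0.113.5:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,192.0.2.11:0,203.0.113.5:0,ICMP
FWIN,2001/06/08,19:44:14 +12:00 GMT,198.51.100.7:0,203.0.113.5:0,ICMP
FWIN,2001/06/08,19:50:02 +12:00 GMT,198.51.100.99:1045,203.0.113.5:139,TCP
FWIN,2001/06/08,19:50:03 +12:00 GMT,198.51.100.99:1046,203.0.113.5:139,TCP
FWIN,2001/06/08,19:50:05 +12:00 GMT,198.51.100.99:1047,203.0.113.5:445,TCP
FWROUTE,2001/06/08,20:01:00 +12:00 GMT,192.0.2.80:80,203.0.113.6:1201,TCP
not a log line
"""

def parse(text):
    """Yield one dict per well-formed entry; skip headers and junk."""
    for row in csv.reader(text.splitlines()):
        if len(row) != 6 or not row[0].startswith("FW"):
            continue
        kind, date, time_tz, src, dst, proto = (f.strip() for f in row)
        src_ip, _, src_port = src.rpartition(":")   # split "ip:port" on the last colon
        dst_ip, _, dst_port = dst.rpartition(":")
        yield {"kind": kind, "when": f"{date} {time_tz.split()[0]}",
               "src": src_ip, "dst": dst_ip, "dport": dst_port, "proto": proto}

def triage(text, per_source=3, burst_sources=3):
    """Return (noisy_sources, bursts) computed over FWIN entries only."""
    hits = Counter()
    by_second = defaultdict(set)
    for e in parse(text):
        if e["kind"] != "FWIN":
            continue
        hits[e["src"]] += 1
        by_second[(e["when"], e["dst"], e["proto"])].add(e["src"])
    # One address logged repeatedly: worth a closer look.
    noisy = {ip: n for ip, n in hits.items() if n >= per_source}
    # Many distinct addresses in the same second: usually replies or backscatter.
    bursts = {k: len(v) for k, v in by_second.items() if len(v) >= burst_sources}
    return noisy, bursts

if __name__ == "__main__":
    noisy, bursts = triage(SAMPLE)
    print("sources with repeated entries:", noisy)
    print("many-source bursts (time, dst, proto):", bursts)
```
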

01-10-2001, 08:46 PM
Have you tried the ZoneLog Analyser program? Very useful analysis of what is and is not a threat, and it goes on to enable a whois check. A free trial version is available that will last, but has a nag screen

available at
http://zonelog.co.uk

good luck

02-10-2001, 05:58 PM
Thanks Leon, I'll take a look at that. I have checked out the other sites recommended but they seem to discredit software personal firewalls without being too constructive.

We all face risks in being on line but a little security goes a long way in my opinion. If somebody stumbles on my computer they are less likely to stop if some impediment is in their way. Like your average burglar or car thief, they will move on to easier or more interesting pickings.

What I would like to read is a serious review of Zone Alarm et al describing how well they stood up to a serious attack and how long they lasted before security was breached. Deter, Delay, Detect are the key principles.

Jack