Thread: Zone Alarm

  1. #1
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Zone Alarm

    There is a new update (November 30th) for Zone Alarm - 2.6.362.

    Their site or link at #42 from my site.

    Click My Sig

  2. #2
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm

    Since we don't have a separate "Security" forum and Zone Alarm is discussed rather frequently here, I have a couple of questions to pose: InoculateIT stopped a Nimda attack from an infected web site, and then detected an infected file in the "Temporary Internet Files" folder. After making sure the mess was taken care of, I go back online with Zone Alarm's big red button pushed in. It immediately logs the alert
    "The firewall has blocked Internet access to the all routers multicast address (224.0.0.2) (ICMP Router Solicit) from your computer."
    There was no notice of a particular program attempting to access the internet and being blocked. I disconnect and reconnect, and get the same alert again. Right now I'm operating on a "Locked" system, with passlock checked for IE so I can at least get this posted with some sense of security -- I'll keep an eye out for answers at the office.

    Is this all routers multicast thingy something that normally occurs when you connect to the internet? Is it a telltale sign of some sort of spyware? Might there be enough interest/need to have a forum dedicated to security issues?

  3. #3
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm

    You've got spyware. Run AdAware over your HD and see if anything turns up.
    Security Forum sounds like a good idea to me.

    Rtgds

  4. #4
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm

    AdAware, with the updated sig file, identified one tainted registry key and cleared it out. A second run through didn't catch anything else. Uninstalled ICQ and a couple of other downloads. Rebooted. Windows did an "Updating system files" before coming up all the way. Re-ran AdAware and again nothing bad popped up. Connected to the internet with ZoneAlarm locking everything up solid -- and it came up with the same alert.

    Since ZoneAlarm did not report which program was sending out to the internet immediately on connection, is there anything else that can log all of the traffic, so this invader can be hunted down manually? I feel so invaded!

  5. #5
    New Lounger
    Join Date
    May 2001
    Location
    Los Angeles, California, USA, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm ---

    I forgot something. You are in no danger from this source as long as ZA is rejecting this intrusion. And if you can run without getting cut off by your ISP, then your DCMP Server is already being taken care of.

    For me, my connection would quit every time I reached the end of a Lease and I had to track it down.

    Turn off the Alerts so they don't bug you and play happily, if you are not being terminated.

    Again, good luck.

    Regards,

    The Engineer

  6. #6
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm ---

    Although I'm on Win98, your WINIPCFG command was still valid, and showed that most of the alerts that I am logging are coming from my own ISP. Taking into consideration your info on leased connections and such, I did a little digging through my system (long-forgotten and long-ignored dialup settings) and it is all beginning to make a little more sense -- I receive a server-assigned IP address each time I connect.

    I'm beginning to feel a little more secure now. If I ever do get a high-speed connection you can be sure that I'll put the little bit of extra money into getting the upgrade versions of ZoneAlarm and such.

  7. #7
    New Lounger
    Join Date
    May 2001
    Location
    Los Angeles, California, USA, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm ---

    GREAT! Glad I could help.

  8. #8
    5 Star Lounger
    Join Date
    Aug 2001
    Location
    Confoederatio Helvetica
    Posts
    602
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm ---

    Thanks from me as well Sam!

  9. #9
    New Lounger
    Join Date
    May 2001
    Location
    Los Angeles, California, USA, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Zone Alarm

    Probably you don't have Spyware or a Virus, but you may. I'll discuss that in a moment.

    I use ZoneAlarm Pro so I cannot guarantee that everything I say about ZA applies to you.

    ISPs that sell high-speed connections sell more connections (IP addresses) than they have because not everyone is on at the same time. You get a temporary IP address that is "leased" to you. Leases can be for several days or for an hour, etc.

    The ISP checks periodically to see if you are there. If you are not, they may lease your IP address to someone else (there are days in the computer biz when I wish the lease concept had never been invented). The query may come as a multicast, and it may come with a DCMP, ICMP, or IGMP protocol. Zone Alarm has to be configured to allow this, which may mean that you must add an IP address (e.g., 224.0.0.2) to those allowed entrance. If you use the Help in Zone Alarm and look in the Index under these protocols you can find some discussion of this.

    I use Windows 95 (yes still) and it provides a program that I call with C:\WINDOWS\WINIPCFG.EXE /all that gives me a reading of the various IP addresses that apply to me. Later Windows have a similar program in the same location with a slightly different name. Use the program and if your DCMP Server has the IP address of 224.0.0.2, BINGO!

    If it doesn't, that's not the whole story. My furshlugginer ISP uses two methods of checking, one of which is not listed by the CFG program. You may be able to get the IPs of all the Servers that require access from your ISP. Mine said, "Huh?" so I had to track it down.

    Use the ZoneAlarm log. Note what IPs are turned away frequently, especially if your connection regularly goes away shortly after one is denied access. That's how I found the second one.

    That's brief, Good Luck.

    If you are concerned about Spyware (illicit programs that send information about you to somebody) get AdAware, it's free (http://www.lavasoftUSA.com). I also use the Pro version of this one.

    I sometimes find the additional features of the Pro versions of these handy programs to be worth the price.

    For Viruses, as far as I am concerned, nobody beats Norton (Symantec). Make sure that the "All Files" and the "Scan e-mails" options are used.

    Regards,

    The Engineer
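
The alert quoted in post #2 names an ICMP Router Solicit sent to 224.0.0.2, which is the ICMP type 10 message defined in RFC 1256. As an added example (not part of any post in this thread), this Python sketch decodes a captured IPv4 packet and reports whether it is such a router solicitation; the sample packet and its 192.0.2.10 source address are constructed.

```python
import ipaddress
import struct

ALL_ROUTERS = ipaddress.IPv4Address("224.0.0.2")  # "all routers on this subnet" group
ICMP_TYPES = {0: "Echo Reply", 8: "Echo Request",
              9: "Router Advertisement", 10: "Router Solicitation"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def describe_packet(raw: bytes) -> dict:
    """Decode an IPv4 packet and flag RFC 1256 router discovery traffic."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    dst = ipaddress.IPv4Address(raw[16:20])
    info = {"src": str(ipaddress.IPv4Address(raw[12:16])), "dst": str(dst),
            "multicast": dst.is_multicast, "icmp": None,
            "checksum_ok": None, "router_discovery": False}
    if raw[9] == 1 and len(raw) >= ihl + 8:   # protocol 1 = ICMP
        icmp = raw[ihl:]
        info["icmp"] = ICMP_TYPES.get(icmp[0], f"type {icmp[0]}")
        info["checksum_ok"] = inet_checksum(icmp) == 0
        # Router Solicitation: type 10, code 0, addressed to the all-routers group
        info["router_discovery"] = (icmp[0] == 10 and icmp[1] == 0
                                    and dst == ALL_ROUTERS and info["checksum_ok"])
    return info

def build_router_solicit(src: str) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 8-byte ICMP Router Solicitation."""
    icmp = struct.pack("!BBHI", 10, 0, 0, 0)
    icmp = struct.pack("!BBHI", 10, 0, inet_checksum(icmp), 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 1, 0,
                      ipaddress.IPv4Address(src).packed, ALL_ROUTERS.packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

SAMPLE = build_router_solicit("192.0.2.10")   # constructed; documentation address

if __name__ == "__main__":
    print(describe_packet(SAMPLE))
```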
