Zone Alarm alerts?
buck52
04-29-2001, 10:47 AM
Hi
I have a cable connection and I leave my computer on most of the time so I installed ZA because of what I have read here. I sometimes get 6 or 7 alerts a day or 2-3 in a row (none seem to get thru). Is this normal? Are there that many snoops out there? :)
buck
------------------
just hav'n fun
Yes it is normal. Some of the alerts are from adservers that think you may still be connected, some are napster/file sharing apps like it that may have previously had the same address as you. What you need to be on the lookout for are several attempts from the same address on different ports right in a row; that is a snoop. Some of them are also just random hits because someone in Kalamazoo types in the wrong URL....
------------------
mjc
Links list:Computer Links (http://www.fortunecity.com/skyscraper/highrise/11/index.htm)
[This message has been edited by mjc (edited 04-29-2001).]
sea69
04-29-2001, 01:14 PM
lmao "Kalamazoo"... :)
as mjc says, it is normal, not only is it normal, it also is a good thing.
You can of course disable the 'pop-up Alerts'.. and also ZA has the "Analyzer", available from Gibson Research, which can tell you more about who has tried to contact you.
One thing I like is that ZA will actually BLOCK itself- from connecting to the net, along with any other Programs/apps- that you have not given 'permission'.
I get A LOT more hits than 2 or 3 a day (sometimes 2 or 3 DOZEN).
I see which port they are trying for and determine if it is an attempted 'HackAttack' or not.
My rule is "3 Strikes and you're OUT"!!...
------------------
sea1_69@hotmail.com
buck52
04-29-2001, 01:56 PM
Thanks for the responses mjc sea69
Is Kalamazoo near Timbuctoo? :)
I think I'll try and learn some more about what ZA and the "Analyzer" can do and try to keep track of the alerts. Not much on this computer that anyone would want so I'm not worried, just curious.
Can you point me towards where I can read about how the "ports" come into play. I'm still awful new to all of this. Thanks
buck
------------------
just hav'n fun
[This message has been edited by buck52 (edited 04-29-2001).]
Webopedia (http://www.webopedia.com/) definition: (2) In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic.
------------------
mjc
Links list:Computer Links (http://www.fortunecity.com/skyscraper/highrise/11/index.htm)
sea69
04-29-2001, 05:30 PM
well, here's the thing.
You may think you "don't have something that anyone would want" - but actually you do.
What a lot of 'Hackers' are after is using your computer to hide behind, as they go about doing other much MORE serious 'things'.
This is about as far as I want to go regarding the topic here, because it can go into areas that this site is not about!!
funny, as I was typing THIS, I just got a 'hit' :
Date: 4/29/01
Time: 5:21:30 PM -4:00 GMT
Transport: TCP
From: 136.142.103.88 (glenn30.law.pitt.edu)
Source Port: 3246
To: 141.157.100.xx
Destination Port: 111 (sunrpc, portmap, rpcbind)
Firewall log entry:
type,date,time,source,destination,transport
FWIN,4/29/01,5:21:30 PM -4:00 GMT,136.142.103.88:3246,141.157.100.xx:111,TCP
Port 111
Commonly used for Sun RPC PortMapper/RPCBIND. Access to portmapper is the first step in scanning a system looking for all the RPC services enabled, such as rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc. If the intruder finds the appropriate service enabled, s/he will then run an exploit against the port where the service is running.
There are PLENTY of sites devoted to just this. :)
ZA is a very good software firewall, better than many that you must pay for, and simple to use. It lets you know if there is a 'violation', but Be Careful, because MOST 'hits' are NOT attempted wrongdoing by a malicious person (but some are).
Like the one above.. at a college yet...
an obvious attempt, but no harm done. Just think if I didn't have ZA.
------------------
sea1_69@hotmail.com
[This message has been edited by sea69 (edited 04-29-2001).]
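The rule of thumb from earlier in the thread (several attempts from the same address on different ports right in a row) can be checked mechanically against the firewall log format quoted in the post above. This is an added example, not code from any poster or from ZoneAlarm; the thresholds (3 distinct ports within 60 seconds) and every sample line except the first are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the post above; only the
# first entry is from the thread, the rest use documentation addresses.
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,4/29/01,5:21:30 PM -4:00 GMT,136.142.103.88:3246,141.157.100.xx:111,TCP
FWIN,4/29/01,6:02:10 PM -4:00 GMT,192.0.2.77:1044,141.157.100.xx:21,TCP
FWIN,4/29/01,6:02:11 PM -4:00 GMT,192.0.2.77:1045,141.157.100.xx:23,TCP
FWIN,4/29/01,6:02:13 PM -4:00 GMT,192.0.2.77:1046,141.157.100.xx:111,TCP
FWIN,4/29/01,7:15:00 PM -4:00 GMT,198.51.100.9:2001,141.157.100.xx:6699,TCP
FWIN,4/29/01,9:40:00 PM -4:00 GMT,198.51.100.9:2002,141.157.100.xx:6699,TCP
"""

def parse_log(text):
    """Yield (timestamp, source_ip, dest_port) for each blocked inbound entry."""
    for row in csv.DictReader(text.splitlines()):
        if row["type"] != "FWIN":
            continue
        # Time looks like "5:21:30 PM -4:00 GMT"; keep the clock part only,
        # assuming all entries share one UTC offset.
        clock = " ".join(row["time"].split()[:2])
        ts = datetime.strptime(f'{row["date"]} {clock}', "%m/%d/%y %I:%M:%S %p")
        src_ip = row["source"].rsplit(":", 1)[0]
        dst_port = int(row["destination"].rsplit(":", 1)[1])
        yield ts, src_ip, dst_port

def find_scanners(text, min_ports=3, window=timedelta(seconds=60)):
    """Return {source_ip: sorted ports} for sources that tried at least
    min_ports distinct ports inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, port in parse_log(text):
        by_src[src].append((ts, port))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: probed ports {ports} in a row")
```

A single hit such as the port 111 entry from the thread, or repeated hits on one port hours apart, is not flagged; only the source that walks several ports in quick succession is.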
buck52
04-29-2001, 06:52 PM
thanks much !
buck
------------------
just hav'n fun
steveo
05-01-2001, 11:36 PM
buck52...
you can go to a site called shields up! and it will explain ports and how/why they're hit by port scanners. They also have the means to test your ports to see how secure they are. I've used ZA for over a year now and I wouldn't connect to the net without it.
steveo
05-01-2001, 11:38 PM
buck52...
you can go to a site called shields up! and it will explain ports and how/why they're hit by port scanners. They also have the means to test your ports to see how secure they are. I get hit about 15-20 times a 4hr session but I've seen over 100 hits in one night. I've used ZA for over a year now and I wouldn't connect to the net without it.
sea69
05-01-2001, 11:43 PM
steveo, me thinks you wanted to hit 'edit', rather than 'post reply'. :eek:
------------------
sea1_69@hotmail.com
homepage (http://www.seanweb1.homestead.com/3.html)