mjc..ZA snippet


kayofcircles
08-24-2003, 10:31 AM
Truthfully, Sir, I am not entirely sure how long a snippet is, but assume you don't want the entire 192 hits I got yesterday in less than two hours...a new record "high." Got a few off top of list, one toward middle on TCP, and a couple on end.
FWIN,2003/08/23,07:21:34 -6:00 GMT,12.89.137.100:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:22:15 -6:00 GMT,12.85.106.77:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:22:47 -6:00 GMT,12.86.131.184:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:23:48 -6:00 GMT,12.87.144.97:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:24:12 -6:00 GMT,12.86.88.162:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:24:40 -6:00 GMT,12.85.138.217:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:25:20 -6:00 GMT,12.83.10.8:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:27:47 -6:00 GMT,12.85.14.78:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:27:55 -6:00 GMT,12.84.10.156:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:27:55 -6:00 GMT,81.130.97.9:18156,12.86.xxx.xxx:1434,UDP

FWIN,2003/08/23,07:41:14 -6:00 GMT,12.86.13.55:4400,12.86.xxx.xxx:135,TCP (flags:S)

FWIN,2003/08/23,09:10:24 -6:00 GMT,12.85.104.89:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,09:11:49 -6:00 GMT,12.86.36.232:3706,12.86.xxx.xxx:135,TCP (flags:S)
FWIN,2003/08/23,09:12:01 -6:00 GMT,12.84.103.149:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,09:12:09 -6:00 GMT,12.89.139.186:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,09:12:32 -6:00 GMT,12.86.30.36:3049,12.86.xxx.xxx:135,TCP (flags:S)
FWIN,2003/08/23,09:12:35 -6:00 GMT,12.86.5.172:2603,12.86.xxx.xxx:135,TCP (flags:S)
FWIN,2003/08/23,09:12:40 -6:00 GMT,12.86.121.164:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,09:12:44 -6:00 GMT,12.85.87.23:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
I just saw the other thread on this subject, and assume that everyone else is going through the same..er.."stuff"..and hope that this time is a "cycle" like previous ones. I have seen previous ZA ping "highs" and they usually only last a week or so..this particular cycle began on the 20th of this month. The day before that, I got 20-something pings in 2 hours..and pretty much the "same" two-hour period.

Mark Miller
08-24-2003, 10:42 AM
Kay, I got over 2000 in the last 2 days on my firewall. Called my ISP and they were aware of it, but except for wasting lots of bandwidth there was nothing that they could do. They think it's from infected computers trying to spread. [Just what they said, I don't know.] Anyway, it will stop, and from what I see it is causing no harm, except for the wasted bandwidth.
Mark

Rick
08-24-2003, 11:20 AM
The router I use has stopped all or almost all of this kind of hits on my system.
However, I do still get a persistent incoming that is blocked by ZA Pro.

I have found most are not traceable because ZA reports them as originating from the DNS server of my ISP.

Here is a fast search that works with addresses in nnn.nnn.nnn.nnn form to help you see where this stuff is coming from:

http://www.geektools.com/whois.php

For example, one of your hits is
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 81.130.72.0 - 81.130.191.255
remarks: *******************************************************
remarks: * Please send abuse reports to abuse@btopenworld.com *
remarks: *******************************************************
netname: BT-ADSL
descr: IP Pools
country: GB
admin-c: BTOW1-RIPE
tech-c: BTOW1-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: preston.dialip@bt.com 20030815
source: RIPE

route: 81.128.0.0/11
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 20030615
source: RIPE

The Other is
OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 400 Interpace Parkway
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US

NetRange: 12.0.0.0 - 12.255.255.255
CIDR: 12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues contact abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23



Most of your hits are showing from the ATT net.

Ma Bell?

kayofcircles
08-24-2003, 12:14 PM
Wow..Mark..I am assuming you're not talking a two hour period? Sheesh. And the remarks of your ISP make me wonder how much "bandwidth" I actually have on slow dialup...:eek:..probably not much.

Thanks, Rick. Yes, AT&T is my ISP, and maybe they're pinging me a lot because they are unhappy that I don't use their Connection wizard gizmo, with spyware that the AT&T tech assured me was not, in fact, spyware...:D

Rick
08-24-2003, 12:44 PM
I don't think it's your ISP pinging you.
It's more likely the limits of ZA just doing a received by/from and not a connect trace all the way back to the origin.

To do that would require a lot of bandwidth
if every ping were traced back by every user of a firewall.

mjc
08-24-2003, 11:42 PM
FWIN,2003/08/23,07:24:40 -6:00 GMT,12.86.88.162:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)

That one is from your ISP......

Using AT&T?

Looks like it may be a "keep alive" or something like that.....are you using their connection software?

It may be that ZA and the ATT software are not letting the "keep alive" through, or whatever ATT calls it (they do use something that monitors/maintains the connection). If this is supposed to be some sort of connection between the ATT software and your machine, it very well could be trying to connect forever....

All of these...

FWIN,2003/08/23,07:41:14 -6:00 GMT,12.86.13.55:4400,12.86.xxx.xxx:135,TCP (flags:S)

are msblaster, and it looks like it is inside the ISP blocks....basically someone else who is using your ISP (or several someones) is infected with msblaster. Since most of them seem to be ATT IPs, it looks like they are blocking outside access but not inside the network.

Since you have 98, even without a firewall you would have nothing to worry about from msblaster. It too is mainly an annoyance....
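The sorting this thread does by hand (kayofcircles' ICMP echo requests, the TCP/135 SYNs mjc identifies as msblaster, and Rick's whois-based "most of your hits are from the ATT net") can be reproduced with a small parser over ZoneAlarm's comma-separated FWIN log format. This is an added example, not code from the thread or from ZoneAlarm: the sample lines are copied from the excerpt above (destination masked exactly as in the post), the two netblocks are the ones quoted from whois, and the UDP/1434 label (the MS SQL resolution service port that the Slammer worm hit) is an addition the thread itself does not make.

```python
"""Parse ZoneAlarm FWIN log lines and tally them by kind and by source netblock."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample: five lines copied from the excerpt posted in the thread.
SAMPLE_LOG = """\
FWIN,2003/08/23,07:21:34 -6:00 GMT,12.89.137.100:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2003/08/23,07:27:55 -6:00 GMT,81.130.97.9:18156,12.86.xxx.xxx:1434,UDP
FWIN,2003/08/23,07:41:14 -6:00 GMT,12.86.13.55:4400,12.86.xxx.xxx:135,TCP (flags:S)
FWIN,2003/08/23,09:11:49 -6:00 GMT,12.86.36.232:3706,12.86.xxx.xxx:135,TCP (flags:S)
FWIN,2003/08/23,09:12:01 -6:00 GMT,12.84.103.149:0,12.86.xxx.xxx:0,ICMP (type:8/subtype:0)
"""

# Netblocks taken from the whois output quoted earlier in the thread.
ISP_BLOCKS = {
    "ATT 12.0.0.0/8": ip_network("12.0.0.0/8"),
    "BT 81.128.0.0/11": ip_network("81.128.0.0/11"),
}


@dataclass
class Hit:
    timestamp: str   # date plus time string as ZA writes it, e.g. "2003/08/23 07:21:34 -6:00 GMT"
    src_ip: str
    src_port: int
    dst_port: int
    proto: str       # ICMP / TCP / UDP
    detail: str      # contents of the trailing parentheses, "" when absent


def parse_line(line: str) -> Optional[Hit]:
    """Split one FWIN line into fields; returns None for anything that is not a FWIN record."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    _, date, time, src, dst, proto_field = parts
    src_ip, src_port = src.rsplit(":", 1)
    _, dst_port = dst.rsplit(":", 1)          # destination host is masked (xxx.xxx) in the post
    proto, _, detail = proto_field.partition(" ")
    return Hit(f"{date} {time}", src_ip, int(src_port), int(dst_port), proto, detail.strip("()"))


def classify(hit: Hit) -> str:
    """Label a hit the way the thread does: ping, Blaster-style RPC scan, or other."""
    if hit.proto == "ICMP" and hit.detail.startswith("type:8/"):
        return "icmp echo request (ping)"
    if hit.proto == "TCP" and hit.dst_port == 135 and "flags:S" in hit.detail:
        return "tcp/135 SYN (RPC DCOM, msblaster-style scan)"
    if hit.proto == "UDP" and hit.dst_port == 1434:
        # Label added here, not in the thread: UDP/1434 is the MS SQL resolution service (Slammer).
        return "udp/1434 (MS SQL resolution service probe)"
    return f"{hit.proto.lower()}/{hit.dst_port} other"


def owner_block(ip_str: str) -> str:
    """Return the whois netblock the source falls in, or 'unlisted' if it matches none above."""
    ip = ip_address(ip_str)
    for name, net in ISP_BLOCKS.items():
        if ip in net:
            return name
    return "unlisted"


def summarize(log_text: str) -> dict:
    """Count hits overall, per classification and per source netblock."""
    hits = [h for h in (parse_line(line) for line in log_text.splitlines()) if h is not None]
    return {
        "total": len(hits),
        "by_kind": dict(Counter(classify(h) for h in hits)),
        "by_block": dict(Counter(owner_block(h.src_ip) for h in hits)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Feed it the full exported ZA text file instead of SAMPLE_LOG and the `by_block` tally answers the "is it inside the ISP's own address space" question directly, which is what the whois lookup was being used for by hand.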

kayofcircles
08-25-2003, 09:37 AM
Understand, and "thanks". Just hope it is over soon, because yesterday was 487 in 3 hours..keeps increasing. Raises a question..does anyone know if it keeps a "day" log if you uncheck "log alerts to a text file"? Like, I could still look and see how many hits I got that day, but wouldn't have to go and clear out the lengthy text file?

mjc
08-25-2003, 04:33 PM
I can't remember.....but I think it is an on or off thing.

kayofcircles
08-26-2003, 10:41 AM
Thank you. I am just a bit spooky about trying and seeing what happens, because I remember a time when I clicked on "delete log" and ZA stopped logging pings for a while. So, thanks..and I am back to repeating once again..hope this cycle is over soon. Don't like the "feeling" it gives me..and I feel a bit "rushed" to get things done online quickly so I can get offline. Irrational, but...

Mitch Hatfield
08-26-2003, 12:51 PM
"Raises a question..does anyone know if it keeps a "day" log if you uncheck "log alerts to a text file"? Like, I could still look and see how many hits I got that day, but wouldn't have to go and clear out the lengthy text file?"

Based upon ZA, is this what you are looking for?

http://homepage.ntlworld.com/ukmitch2002/Activity.gif

:) :)

kayofcircles
08-27-2003, 10:04 AM
No, Mitch, I have an older version. Just have the little screen that has today's hits and times, and then below are the log file settings.

Nice to see you!!:) Saw a couple of your posts and was thinking of saying.."been awhile, glad to see you!" and so..happy you posted here too.

Mitch Hatfield
08-27-2003, 11:44 AM
Nice to see you too Kay! :) :) :)