Find your solution!

dirty.ranja · 11-Mar-2008, 11:46 PM #1

My Zone Alarm is going crazy! in the past 14 minutes it has blocked over 1000 access attempts. I've just been sitting here watching the numbers go up at a speed I've never seen before . It definitely wasn't like this just a few hours ago....
Could anyone tell me whats happening. Its freaking me out a bit....LOL
Thanks.

hewee · 12-Mar-2008, 12:41 AM #2

If it is just pings then your ok. I had the same thing happen to me years ago with comcast and I was not alone either. It went on for weeks and then I got a router and that put a stop to it.

You can test your ports here at Shields UP! -- Internet Connection Security Analysis.
http://grc.com/su-firewalls.htm

http://www.grc.com/x/ne.dll?bh0bkyd2

Test all ports.
A perfect "TruStealth" rating is best.

dirty.ranja · 08:44 AM

It has gotten so bad, I finally ticked the "do not show this message again" box to make them stop popping up in my face! lol. Every one of these "intrusions" are targeting the same port, UDP port 49521 and all are coming from different IP's. I'm serious, It's just one after another after another. They won't stop! I just now turned my notifications back on, and WHAM! Here They Come Again! This has NEVER happened before, as I have used ZA for quite awhile now(over 1 yr.) Would it help if I posted the logfile from the past 10 mins, just so you could see what I'm talking about?

[edit]- I have used Shields Up! multiple times, and I get a TruStealth rating everytime.

stan* · 12-Mar-2008, 01:25 PM #4

yes please

dirty.ranja · 12-Mar-2008, 10:36 PM #5

ZA Log File...4 minute time span:

FWIN,2008/03/11,20:00:00 -5:00 GMT,83.84.96.140:34072,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:00 -5:00 GMT,91.60.212.202:59689,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:00 -5:00 GMT,38.100.25.13:59657,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:00:02 -5:00 GMT,71.137.3.41:37522,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:04 -5:00 GMT,77.253.100.157:61709,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:04 -5:00 GMT,208.10.23.157:53111,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:00:06 -5:00 GMT,85.165.10.91:53259,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:06 -5:00 GMT,71.222.38.235:8772,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:06 -5:00 GMT,121.88.22.198:60889,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:00:08 -5:00 GMT,87.121.71.144:2663,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:00:14 -5:00 GMT,213.231.112.253:47113,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:18 -5:00 GMT,88.175.230.132:52525,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:18 -5:00 GMT,24.82.148.31:29766,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:20 -5:00 GMT,88.25.242.210:36246,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:22 -5:00 GMT,74.167.140.235:60024,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:22 -5:00 GMT,90.163.197.122:46393,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:26 -5:00 GMT,66.169.84.235:61111,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:26 -5:00 GMT,217.227.143.140:58174,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:34 -5:00 GMT,67.212.29.58:60019,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:36 -5:00 GMT,85.232.218.138:46651,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:38 -5:00 GMT,213.79.32.187:33359,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:40 -5:00 GMT,83.249.247.245:53255,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:40 -5:00 GMT,80.221.212.85:11230,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:44 -5:00 GMT,190.80.130.84:46123,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:44 -5:00 GMT,83.199.140.177:31679,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:46 -5:00 GMT,83.189.8.95:48095,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:48 -5:00 GMT,4.229.234.161:3021,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:00:50 -5:00 GMT,24.12.10.11:64666,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:50 -5:00 GMT,80.219.115.83:64900,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:52 -5:00 GMT,67.160.234.9:6879,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:52 -5:00 GMT,82.241.147.248:58787,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:54 -5:00 GMT,61.6.237.119:21544,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:56 -5:00 GMT,24.9.67.111:65000,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:00:58 -5:00 GMT,75.180.9.127:21754,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:00 -5:00 GMT,194.225.82.3:63148,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:04 -5:00 GMT,88.107.214.61:13313,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:04 -5:00 GMT,38.100.25.13:57036,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:06 -5:00 GMT,216.75.189.185:47078,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:06 -5:00 GMT,82.171.148.216:39372,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:06 -5:00 GMT,71.1.242.206:15119,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:10 -5:00 GMT,201.221.201.166:12836,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:10 -5:00 GMT,91.140.18.57:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:10 -5:00 GMT,190.139.81.100:53420,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:12 -5:00 GMT,70.48.29.102:61902,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:12 -5:00 GMT,71.36.255.69:59650,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:12 -5:00 GMT,130.127.20.182:54203,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:18 -5:00 GMT,76.180.188.238:65000,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:22 -5:00 GMT,85.224.19.46:29873,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:22 -5:00 GMT,205.200.193.28:50005,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:24 -5:00 GMT,83.179.195.207:52933,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:24 -5:00 GMT,84.215.70.46:35565,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:26 -5:00 GMT,189.27.86.85:10165,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:26 -5:00 GMT,71.93.87.236:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:28 -5:00 GMT,38.100.25.14:37900,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:28 -5:00 GMT,85.164.2.158:29651,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:28 -5:00 GMT,75.24.203.218:37524,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:32 -5:00 GMT,77.30.85.77:18076,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:32 -5:00 GMT,85.240.101.16:51838,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:34 -5:00 GMT,82.32.231.48:65305,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:34 -5:00 GMT,65.29.93.26:18759,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:36 -5:00 GMT,72.75.168.178:50252,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:36 -5:00 GMT,76.177.96.226:13642,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:38 -5:00 GMT,86.55.253.192:13897,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:40 -5:00 GMT,90.216.16.243:17973,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:42 -5:00 GMT,66.24.105.31:3595,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:44 -5:00 GMT,65.12.180.210:60479,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:44 -5:00 GMT,190.4.16.170:18963,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:46 -5:00 GMT,91.49.99.152:61039,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:46 -5:00 GMT,75.60.218.249:2904,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:46 -5:00 GMT,79.121.21.16:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:50 -5:00 GMT,90.14.52.80:26205,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:52 -5:00 GMT,189.134.44.27:11866,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:54 -5:00 GMT,79.182.255.102:10008,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:54 -5:00 GMT,59.100.145.177:40041,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:54 -5:00 GMT,90.190.247.185:52294,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:56 -5:00 GMT,85.164.139.191:59337,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:01:58 -5:00 GMT,208.10.23.157:51429,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:58 -5:00 GMT,208.10.23.157:53649,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:58 -5:00 GMT,208.10.23.157:53799,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:01:58 -5:00 GMT,58.136.60.18:28118,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:00 -5:00 GMT,68.84.222.93:45805,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:02 -5:00 GMT,68.43.106.242:49464,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:02 -5:00 GMT,79.6.91.234:20499,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:02 -5:00 GMT,84.134.75.70:57056,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:06 -5:00 GMT,38.100.25.8:40623,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:02:08 -5:00 GMT,67.55.147.22:64147,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:12 -5:00 GMT,82.65.22.198:40858,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:12 -5:00 GMT,209.136.56.5:63560,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:14 -5:00 GMT,12.216.228.67:3089,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:02:14 -5:00 GMT,84.167.81.60:51257,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:16 -5:00 GMT,68.46.230.35:38327,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:16 -5:00 GMT,69.113.200.152:63636,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:18 -5:00 GMT,96.224.192.216:50289,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:18 -5:00 GMT,80.132.189.236:22383,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:20 -5:00 GMT,76.10.165.81:33652,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:26 -5:00 GMT,67.173.111.207:33431,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:26 -5:00 GMT,91.4.56.13:61415,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:26 -5:00 GMT,80.171.114.102:6963,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:28 -5:00 GMT,202.188.115.180:20869,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:32 -5:00 GMT,91.41.174.37:21063,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:32 -5:00 GMT,82.136.232.142:55855,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:34 -5:00 GMT,90.56.225.167:62434,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:36 -5:00 GMT,87.162.220.110:7881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:38 -5:00 GMT,82.83.109.115:20617,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:40 -5:00 GMT,118.137.34.75:64200,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:48 -5:00 GMT,90.196.96.84:11739,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:50 -5:00 GMT,92.113.75.242:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:50 -5:00 GMT,190.3.100.183:60132,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:52 -5:00 GMT,81.10.149.177:20031,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:56 -5:00 GMT,59.126.29.61:9898,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:58 -5:00 GMT,86.99.138.125:50544,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:02:58 -5:00 GMT,67.168.100.20:81,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:00 -5:00 GMT,86.157.3.156:45000,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:00 -5:00 GMT,91.74.108.183:47378,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:02 -5:00 GMT,87.159.14.243:63214,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:04 -5:00 GMT,99.167.224.96:35636,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:06 -5:00 GMT,65.27.188.99:1523,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:06 -5:00 GMT,69.123.184.36:63098,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:10 -5:00 GMT,64.231.106.78:45071,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:12 -5:00 GMT,79.220.77.45:57041,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:12 -5:00 GMT,88.191.35.37:13568,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:14 -5:00 GMT,209.115.230.95:55421,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:16 -5:00 GMT,62.87.208.254:42273,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:18 -5:00 GMT,88.139.67.54:27534,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:20 -5:00 GMT,121.88.22.198:65097,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:20 -5:00 GMT,88.115.227.112:19637,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:26 -5:00 GMT,217.197.155.246:12050,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:26 -5:00 GMT,222.93.172.207:51156,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:28 -5:00 GMT,80.230.225.36:65535,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:32 -5:00 GMT,217.173.183.56:65059,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:36 -5:00 GMT,63.226.226.57:6815,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:36 -5:00 GMT,124.44.152.114:32768,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:42 -5:00 GMT,72.235.47.42:46598,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:42 -5:00 GMT,71.87.68.73:60123,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:44 -5:00 GMT,209.6.217.25:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:44 -5:00 GMT,89.244.205.33:6881,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:46 -5:00 GMT,99.147.42.230:56773,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:46 -5:00 GMT,207.5.238.248:3088,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:48 -5:00 GMT,84.251.103.240:49153,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:48 -5:00 GMT,87.219.140.94:16601,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:50 -5:00 GMT,89.10.29.147:50050,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:50 -5:00 GMT,89.129.176.116:47423,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:50 -5:00 GMT,83.29.190.202:18844,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:52 -5:00 GMT,75.168.68.9:44746,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:52 -5:00 GMT,189.179.23.191:44141,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:54 -5:00 GMT,208.10.23.157:36690,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:54 -5:00 GMT,208.10.23.157:40035,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:54 -5:00 GMT,217.125.198.39:47268,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:56 -5:00 GMT,77.49.65.3:47573,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/11,20:03:58 -5:00 GMT,68.163.10.231:50240,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:58 -5:00 GMT,83.45.220.82:28802,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:58 -5:00 GMT,69.249.226.167:62229,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:03:58 -5:00 GMT,208.58.202.129:12751,99.194.194.107:49521,UDP
FWIN,2008/03/11,20:04:02 -5:00 GMT,12.208.164.131:50581,99.194.194.107:49521,TCP (flags:S)

dirty.ranja · 10:43 PM

BUT...here is one from just the past couple of minutes......weirdness....

FWIN,2008/03/12,21:29:06 -5:00 GMT,99.194.24.76:0,99.194.194.107:0,ICMP (type:8/subtype:0)
FWIN,2008/03/12,21:31:08 -5:00 GMT,80.193.164.135:1492,99.194.194.107:63699,TCP (flags:S)
FWIN,2008/03/12,21:33:14 -5:00 GMT,24.227.222.36:1183,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/12,21:33:50 -5:00 GMT,81.129.239.110:37365,99.194.194.107:49521,UDP
FWIN,2008/03/12,21:34:08 -5:00 GMT,71.180.219.41:49824,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/12,21:36:06 -5:00 GMT,75.50.182.82:4233,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/12,21:36:24 -5:00 GMT,71.1.242.206:20686,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/12,21:36:48 -5:00 GMT,67.162.40.254:30303,99.194.194.107:49521,TCP (flags:S)
FWIN,2008/03/12,21:36:54 -5:00 GMT,67.162.40.254:30335,99.194.194.107:49521,TCP (flags:S)

All day today, especially the past 15 minutes or so, it has looked like this. Weird addresses accompany these "intrusions". dhcp.embarqhsd.net, tampfl.fios.verizon.net, dyn.optonline.net, and especially sw.biz.rr.com. What is going on here? I'm really starting to freak out!

lunarlander · 12-Mar-2008, 10:50 PM #7

Maybe its a distributed denial of service attack ?

dirty.ranja · 12-Mar-2008, 11:24 PM #8

hmmmmm......I've never really heard of a DDOS attack before. I looked it up on wiki and it seems some of the "symptoms" I am experiencing are very similar to what was described. I'll say it's a safe bet that it is a DDOSA. Ok. Now, how do we handle this problem?

hewee · 13-Mar-2008, 03:03 AM #9

Have you run the ShieldsUP test on your ports?
http://www.grc.com/x/ne.dll?bh0bkyd2

Port Authority Database Help
https://www.grc.com/PortDataHelp.htm
It does not have any info on the 49521 port
https://www.grc.com/port_49521.htm

Do you have your ISP in the trust zone?
Step-by-Step: Configuring ZoneAlarm Firewall
http://www.dslwebserver.com/main/fr_...configure.html
See "Firewall Section - Zones Tab."

If your got the Zone Alarm paid version then you can do some "Custom" blocking.
Here below is what I have done. It blocks a whole lot of ports and if you got the paid version you can backup your settings too so your always have them to restore the setting.
Anytime you make changes to the setting make sure you shut down the computer too because if you reboot it will lose any new setting or changes you made with the ZA backup (not the back up you can make with pro version) but ZA own backup.

Quote:

ZoneAlarm Pro Firewall, Increasing security in the ZA firewall

From:
http://www.thepersonalconfuser.com/f...6&hl=zonealarm

-------------------------------------------------------------------------------------------

A friend at another forum I frequent wrote these tips for me to help me increase the security of my ZoneAlarm Pro firewall, and so I am thinking that some of you guys might find it usefull as it turns the humble ZoneAlarm Pro into a force to be reckoned with. Actually, I think it was written not just for me, but for anyone (newbie or advanced computer user who hasn't tried this firewall before - but if you already run it and have yours configured the way you want it then you may not want to make any changes.

Configuring The Standard Settings

Launch ZoneAlarm Pro and click to highlight the "Overview" tab on the left hand side . In the pane that appears on the right hand side click the "Preferences" tab and in the section "Check for updates" check "Manually".
In the "General" section you can also configure ZoneAlarm to load at start up which is advisable because this software is your first line defence against uninvited invasion of your computer by a whole gamult of virues,trojans,spyware, adware and bots! Virus checking software does have its place but remember that prevention is always better than cure!

ZoneAlarm Pro's program control is automatically configured. When you run it for the first time it will ask on behalf of programs installed on your system for permission to access the Internet. Your Browser will be the first to request - just tick the "Yes" box and the "Remember this setting" box and ZoneAlarm will always allow your browser access automatically.

Unless you use online databases etc., there should be no reason for any application other than a browser, email client, ftp client, streaming media player or a download manager to gain access to the Internet.

So consider what type of program it is that needs Internet access before giving ZoneAlarm permission to allow it. If it is just a driver file (.DLL) that requests Internet access, always search Windows to try and identify it. Many seudo-virii such as AdWare and sub class seven Trojans access the Internet from your system using .dll files.

Configuring The Advanced Settings

(Note) If you are NOT on a LAN (connected to another computer in a network) you can use the following section of this guide to give your firewall some real muscle....

Launch ZoneAlarm Pro and click to highlight the "Firewall" tab on the left hand side . In the pane that appears on the right hand side in the section "Internet Zone Security" set the slider control to "High"
Then click the "Custom" button in the same section.
The next settings page is divided into two sections with tabs Internet Zone and Trusted Zone at the top of the page. Under the Internet Zone tab there is a list of settings that can be accessed by scrolling. At the top is the high security settings and the only thing that should check from there is "allow broadcast/multicast". The rest should be unchecked
Scroll down until you get to the medium security settings area. Check all the boxes in this section until you get to "Block Incomming UDP Ports". When you check that you will be asked to supply a list of ports, and in the field at the bottom of the page enter
1-65535
Then go back to the list and check the box alongside "Block Outgoing UDP Ports" and at the bottom of the page enter
1-19, 22-79, 82-7999, 8082-65535
Repeat this proceedure for the following settings
"Block Incomming TCP Ports": 1-65535
"Block Outgoing TCP Ports": 1-19, 22-79, 82-7999, 8082-65535
Then click "Apply", "Ok" at the bottom of the page.

Back in the right hand "Firewall" pane go next to the yellow "Trusted Zone Security" section and set it to "high" with the slider. Click "Custom" and repeat the above proceedure this time choosing the Trusted Zone tab at the top of the settings page.

These settings will stop all incoming packets at ports 1-65535 and also block all pings, trojans etc... this will also stop all spyware or applications from phoning home from your drive without your knowledge!

(Not sure but these tips may work with the *Freeware* version of ZA also. You would just have to try it and see.)

These tips helped me a lot, so maybe, they may be of use to someone here at the forum or someone who visits here.

Regards,
Giggi

All my setting are on HIGH too.
I have the next to the last version of Zone Alarm Pro version 4.x so it's a old one but it still does it's job for me.

Firewall Section - Main Tab, Both siders are on HIGH

Firewall Section - Zones Tab, The network is my ISP and it is in the trust zone.
Read up on this one. If your on cable and it renews you IP address ever so many days it has to be able to get tru so having it in the trust zone lets it get tru. Other wise your internet may go dead and if you reboot it may work again but it will also go dead again.
This is also where your see changes about a new network come up if you add or take away a router.

Firewall Section - Expert Tab, I never added anything here.

Program Control Section - Main Tab, Program Control is on HIGH. This should be on Med so it learns what you have and then you can put it on high. After a update or upgrade of a program your have ZA ask about rights again and you may not of click yes and when it is a component it's very hard to find what one it is. You can move the Program Control down from high to med and it should find the right component on it's own when you open the program again.

Program Control Section - Programs Tab, I only give rights to programs that I use to get online with every day and for AV and Anti-malware programs o they can get updates.
Nothing on the server side needs rights so don't give then rights on the server side.

Alerts & Logs Section - Main Tab...
Alert Events Shown - I have on med
Event logging - I have on checked
Program logging - I have on high nd the custom setting are the default.

Privacy - Main tab, - Plus other there are all set to block. I don't use IE so it's easy to just block everything. If you use IE then it can be a pain to setup for each site.

E-mail Protection Section - Main Tab, everything has "On" checked

dirty.ranja · 02:09 PM

zone alarm IS configured properly, but I'm still having the same problems. how do I stop this thing??!!
here is a screenshot. alerts maxed out at 500, but they kept coming in, so the numbers started going backwards!

lunarlander · 26-Mar-2008, 09:09 PM **#11**

Ask you ISP if they can change your IP address.

hewee · 27-Mar-2008, 06:05 AM **#12**

Did you run the test on your ports?
Do you have a router?
Did you look at my setting and see if yours are the same?
Who is your ISP and are others seeing the same thing?

Because that your showing is just crazy.

Look at the screen shot of mine and that is for 4 plus years.

Noyb · 06:32 AM

I had the same thing happen once ..
Went Snow Birding in Florida .. signed up for a new ISP at usa2net with a new Address.
Got logged on and had several Spam Emails waiting on me at my new address ... that made me worry.

The next morning, my Norton Firewall sounded like a machine gun.
Call the ISP and complained ... They wanted my firewall report and they got a long one.
I also did a lot of "Whois" searching .. And emailed alot of Abuse reports.
Even got responses in French.

Eventually ... The attacks died down, but I still had to rebuild my Laptop when I got home.
Norton said I was attacking myself.
I think the ISP had been hacked .. but they wouldn't admit it.

hewee · 27-Mar-2008, 06:35 AM **#14**

Post a HijackThis v2.0.2 log also and those that can read it can help see if you got anything.

dirty.ranja · 27-Mar-2008, 08:12 AM **#15**

LUNAR: I have a dynamic IP, so it changes every 4 hours.
NOYB: I, too, have done some whois searching....but alot of the IP's I encounter, ZA Hacker ID tells me that they have been forged in order to mask the "hackers" true IP.
HEWEE: I have tested my ports, Tru Stealth Rating everytime. No, I do not have a router. My ZA is set to YOUR specs. My ISP is CenturyTel, and I know of no one else who is having this problem. I told you I wasn't crazy! That screenshot says it all. Here is the HijackThis! LogFile:

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: