Someone trying to get into my computer?

Hello all,

I've been on the computer a lot in the past 48 hours doing research and
writing. It seems that every 20 or 30 minutes, I receive a pop-up from Zone
Alarm advising the following:
"The firewall has blocked internet access to your computer (NetBIOS Name)
from 192.168.2.1 (192.168.2.1) (NetBIOS Name)"

What causes this? I've been experiencing privacy and security breaches in
the recent past, including financial info being unlawfully shared. Should I
be concerned? If so, what steps should I take?

Thank you,
Terry
 
In Peaceworks <Peaceworks@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:
Hello all,

I've been on the computer a lot in the past 48 hours doing research
and writing. It seems that every 20 or 30 minutes, I receive a pop-up
from Zone Alarm advising the following:
"The firewall has blocked internet access to your computer (NetBIOS
Name) from 192.168.2.1 (192.168.2.1) (NetBIOS Name)"

What causes this? I've been experiencing privacy and security
breaches in the recent past, including financial info being
unlawfully shared. Should I be concerned? If so, what steps should I
take?

Thank you,
Terry

Well, in order for it to be 192.168.2.1 it would have to be you or someone
near you ;) That's not a public IP address. That is ZA telling you it's
doing something important so that you feel you've invested your money wisely
and that you feel it's doing a good job. Configure it properly and disable
the harassing messages or use a better firewall. In all of the firewalls I
list for free you'll find ZA isn't one of them...

That's for a reason...

Firewalls:
www.agnitum.com - Outpost Personal Firewall
http://smb.sygate.com/products/spf_standard.htm - Sygate Personal Firewall
www.kerio.com/us/kpf_download.html - Kerio Personal Firewall

Galen
 
Thanks Galen.

I take it that was meant to be helpful? I can't quite decide.

In case it was, thanks again.
Terry
 
In Peaceworks <Peaceworks@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:
Thanks Galen.

I take it that was meant to be helpful? I can't quite decide.

In case it was, thanks again.
Terry

It was meant to be. Your warning means that the IP address that's a "threat"
according to ZA is something on your network. No ifs ands or buts about it.
You can't make a computer mask itself as 198.162.xxx.xxx and then threaten a
network, this means that the computer is ON your network or your own
computer. It simply can't be a computer from outside of an allowed
workgroup UNLESS you're suffering from a much more specific problem like
a rootkit but any decent controller (no longer you in that case) would disable
ZA but force it to remain in the taskbar and appear functional while
ignoring traffic at that IP.

The problems that ZA is detecting and reporting to you are either null and
void or are really just LAN traffic or normal configurations. My response
was to either disable the reporting feature so that you'd not be bugged by
an application reporting blocking what may very well be legitimate traffic
or to upgrade to a firewall that gave a greater control over its
configuration. It is helpful, I hope, but perhaps needed clarification? MANY
firewalls, my own included, often throw error reports from legit traffic and
will block legitimate requests which is why configuration of the firewall per
your needs is required. A car, when you first get it, doesn't have your
radio stations set, set in the right position, and all the additional
settings you want. A firewall doesn't come configured for your tastes or
your activity but rather for what the authors of the application felt would
be the most likely settings required by the average user in that marketing
niche.

In short, it was meant to help you.

Galen
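
The address check behind this reply, as an added example that is not part of the original thread: it parses an alert in the wording Terry quoted and reports whether the source is an RFC 1918 private address (something on the local network) or not. The regular expression, function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges: never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Pattern built from the alert wording quoted in the thread (an assumption
# about the general format; only that one message is known).
ALERT_RE = re.compile(
    r"blocked internet access to your computer \((?P<service>[^)]+)\) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})")

def classify_source(addr):
    """Return the scope of an IPv4 source address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "non-private"

def triage(alert):
    """Parse one alert line into (service, source, scope), or None."""
    m = ALERT_RE.search(alert)
    if m is None:
        return None
    try:
        scope = classify_source(m.group("src"))
    except ValueError:  # e.g. an octet above 255
        scope = "invalid"
    return m.group("service"), m.group("src"), scope

# First line is the alert from the thread; the rest are constructed samples
# (203.0.113.7 is a documentation address standing in for an outside host).
SAMPLE_ALERTS = [
    "The firewall has blocked internet access to your computer (NetBIOS Name) "
    "from 192.168.2.1 (192.168.2.1) (NetBIOS Name)",
    "The firewall has blocked internet access to your computer (HTTP) "
    "from 203.0.113.7 (203.0.113.7) (TCP Port 1042)",
]

if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(triage(line))
```

A "private-lan" result points at the router or another machine on the same network, which is where the file and print sharing questions later in the thread come in.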
 
Hey Galen,

In short, gotcha, and consider the situation remedied as per your suggestions.

Sincere thanks,
Terry
 
In Peaceworks <Peaceworks@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:
Hey Galen,

In short, gotcha, and consider the situation remedied as per your
suggestions.

Sincere thanks,
Terry

I really hate to sound like a donkey but I'm pretty anal when it comes to
security, security is a process and not an application. I can only hope that
every computer user will understand that at some point and I don't mean you
specifically. I have real problems with ZoneAlarm and those problems are
mine and mine alone. You are free to use ANY software firewall you're
willing/able to use but please, for your own sake take the time to ensure
you've made the settings fit your usage. While ZA may not be specifically
any less capable (they just recently started checking components to ensure
that the running process was indeed the original starting application where
you could make any application named a trusted application access the
internet before) than the other available options it is indeed easier than
most but you seem to be capable. This? This is a compliment. It takes work
and dedication to dig out the newsgroups, add them, and opt to use them. You
seem interested in security as a process and not just sitting idle and
clicking the box when ZA warns you. My problem goes back to a marketing
choice with ZA where they completely disabled the ability for free users to
turn off automatic updates and then foisted numerous malfunctioning (and not
worthy of even beta status never mind release candidate) releases on
end-users. I have a number of issues with denial as well but please do read
on. As far as I know ZA, as a product, is an acceptable solution though I do
not and will never recommend their software until they've made changes in
their marketing practices. Again, that is my problem and mine alone. My
posts, the initial, secondary, and now tertiary, are meant to help you to
secure your computer and to understand the traffic warning that you're
seeing. They are not meant to bash a specific product but rather to decipher
the problem and give an answer accordingly.

If you're even more curious and, for example, you're not even on a LAN/WAN
then you could consider checking running processes and services to see
what's running. Have you file and print sharing enabled? Do you have a
wireless network? Where is this traffic coming from and what is it doing?
Are the other PCs set to index networked drives? That sort of thing is where
I'd start to debug this issue but in 99.999% of these cases it's legitimate
traffic doing what it's supposed to do and being erroneously blocked by the
software firewall and YES this even happens with my beloved Outpost until
I've debugged it or configured it properly. So, again, the problems with ZA
are mine and mine to hold. You can use any application you want provided you
use it wisely. Your posts show that you are doing so. My posts are only
meant to show you why this is being reported.

Enough said? Carry this down to the TCP/IP packet at the lowest level? I'm
willing to share AND learn from your experiences. I don't use ZA but I'm
almost willing to try it again now that I've heard a number of good things
about its recent changes and functionality. I like easy and simple... ZA
provides that for the AVERAGE user but in the process of doing so it tries
to show it's working and this scares anyone who is alert to the messages it
pops up and doesn't understand the stacks or IP at a level beyond my
comprehension. Me? Personally? I know just enough to know I don't know
anything ;)

Galen
 
In Kelly <kelly@mvps.org> had this to say:

My reply is at the bottom of your sent message:
Great reply, Galen!

Dearest Kelly --- Don't tell Hubby!

Anything less would be uncivilized ;)

By the way, I'd noted you were missing so I'd stepped up my 'work' and made
it a point to check. You're still on leave as far as I'm concerned or until
you tell me you're comfortable here again. I try to be honest, open,
understanding, AND willing to learn. My third response was, in my opinion,
better. I'm actually downloading ZA for the sole reason of knowing its
configuration so that I can help people with it. I can't help if I don't
know and I can't complain if I haven't compared current product to current
product. My taskbar will seem empty on this computer without my familiar "?"
or lighthouse ;)

Galen
 
Hi again, for probably the final time tonight,

I gather Alex has passed? I have used his site material extensively in the
past year, as recently as last evening. It feels as if I've known him.

Is there something someone can suggest that would be fitting for those of us
who have benefited from his knowledge and being, to do in paying respects?

Thanks again,
Terry
 
Galen said:
<snip>
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.

Hello Galen,
For what it is worth, I am in total agreement with you on ZA. It used to be
a great firewall but after the free download became so popular, hackers
became better at configuring it than the users. I have spoken with guys from
Check Point (the company that owns ZA) at the RSA Expo. Although Check
Point owns it, control of it has been given to Brouderbund (excuse my
misspelling). The people there are aware of the problem but it has not hurt
sales, so don't look for any improvements soon. I hate saying this, I have
made friends there, but the truth is the truth. Best of luck to all.
ps: welcome back Kelly, the group is not the same without you
Ron J
 
<snip> My problem goes back to a marketing
choice with ZA where they completely disabled the ability for free users to
turn off automatic updates ...<snip>

Galen

Perhaps you are a little out of date. I run Zone Alarm 5.5.xxxx, it's the
free version and there is a choice for auto update or manual update, I run
it in Manual Update.

Rob
 
In Peaceworks <Peaceworks@discussions.microsoft.com> had this to say:

My reply is at the bottom of your sent message:
Hi again, for probably the final time tonight,

I gather Alex has passed? I have used his site material extensively
in the past year, as recently as last evening. It feels as if I've
known him.

Is there something someone can suggest that would be fitting for
those of us who have benefited from his knowledge and being, to do in
paying respects?

Thanks again,
Terry

Yes he has and the world is a lesser place because of this.

This is probably the best spot to ask about this:

http://aumha.net/viewtopic.php?t=12206

Galen
 
In Canopus <BNRAGMAOKKXT@spammotel.com> had this to say:

My reply is at the bottom of your sent message:
Perhaps you are a little out of date. I run Zone Alarm 5.5.xxxx,
it's the free version and there is a choice for auto update or manual
update, I run it in Manual Update.

Rob

Not so much out of date as I'm aware that they've reverted to allowing users
to opt to update and have stopped foisting malware on their free customers
but still outraged that they did so in the first place. If I go into a store
and they treat me poorly while I'm there I will drive the extra miles to go
to another store in the future instead of returning to that one.

Galen
 
In Kelly <kelly@mvps.org> had this to say:

My reply is at the bottom of your sent message:
Missing, Galen? I don't work this group. :o)

I downloaded, installed, paid for, and configured ZA Pro because I figured
that I'd be better off learning about it. As you'd not been working the
group lately (I don't even know WHERE I'd posted that) you surely missed
that event. Anyhow, it's now no longer installed but it felt different to be
using a product other than Outpost. It was just plain freaky to see an empty
(to me) taskbar and have all the silly prompts come up. I set it up as
default which I figured most users would do. I let it run that way for a
while before I configured it more to my liking. Now it's still installed but
disabled and OP is back up and running. I dare say that it was one of the
most annoying applications I've ever used.

Galen
 