 Firewall |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about. The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information. The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here. These are both amazing contests and I suggest everyone submit an entry for them. - BleepingComputer Management |
  |
 Jan 15 2005, 10:05 AM
Post
#1
|
|
|
Member  Group: Members Posts: 51 Joined: 12-January 05 Member No.: 9,400  |
When my firewall pops up and says that something is trying to gain access to my computer, do I wan't to allow it or not, is there a way of finding out more information about it. For example at the moment I am getting one saying, 'Win 32 services (Svchost.exe) is being contacted from remote machine using local port 1025 (listen-listener-remote file sharing)'. Now how do I go about finding out what all that means, because I haven't got a clue? Thanks in anticipation...... O.G. |
 |
 
|
|
Jan 15 2005, 10:12 AM
Post
#2
|
|
 Bleepin' Conundrum Group: Global Moderator Posts: 9,444 Joined: 26-April 04 From: 65 miles due East of the "Logic Free Zone", in Md, USA Member No.: 235 |
In most instances you'll want to deny access.
Here's a link I use to check ports being scanned. Site is called "LinkLogger - Whos visited you today?" And this particular link tells about 1025 http://www.linklogger.com/TCP1025.htm Wait for some of our other "Pros" comments on this subject also. regards, ~Koan -------------------- Find a path?
... some do, some don't... (WR) |
|
|
|
|
Jan 15 2005, 06:59 PM
Post
#3
|
|
|
Member Group: Members Posts: 51 Joined: 12-January 05 Member No.: 9,400 |
Thanks for that Koen, it makes interesting reading, but unfortunately a lot of that goes way over my head. It's a pity that there isn't a web site where I could go and type the relevant bits of my firewall message in and get the information I am seeking back. Anyway thanks again...OG.
|
|
|
|
|
Jan 16 2005, 01:42 AM
Post
#4
|
|
 Voted most likely Group: Members Posts: 3,675 Joined: 19-September 04 From: Collingwood, Ontario, Canada Member No.: 2,883 |
Which Firewall are you using?
That Alert sounds like something is looking for your P2P Program. That would be one that is used for downloading songs and such. -------------------- **** We use our powers for good, not evil **** When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo |
|
|
|
|
Jan 16 2005, 08:41 AM
Post
#5
|
|
 Senior Member Group: Members Posts: 514 Joined: 28-July 04 Member No.: 1,719 |
Interesting topic, I get pop ups as well and it does say more info. But when I click on it there really isn't much there.
Most of mine have been on ports 137 and 1031 and some say webiste trying to gain access. This is with ZAP. I agree it would be nice if there was a place to find out instantly what really was going on, My present practice is to deny unless there are spelled out details of what is trying to gain access and i am comfortable with what it is. It took me some reading and fiddling around with this version to decide to buy it and so far I haven't any regrets except for the resources it uses, and then the issue in this post that this member has identified. I hope that there will be further comments on this. Looking forward to them!! 
-------------------- Talent is a flame. Genius is a fire.
|
|
|
|
|
Jan 16 2005, 09:34 AM
Post
#6
|
|
 Senior Member Group: Members Posts: 407 Joined: 7-December 04 From: Northern California Member No.: 6,604 |
An interesting topic. I installed ZoneAlarm (my first firewall) about a month ago after a system restore. Prior to that I was essentially "naked" except for AVG. Truly amazing to see the numerous ZA popups alerting me about something trying to gain access, most of which I do not recognize and certainly don't want. Thanks BC!
-------------------- "Love to eat them mousies, mousies what I like to eat; bite they little heads off, nibble on they tiny feet". B. Kliban
|
|
|
|
|
Jan 16 2005, 10:54 AM
Post
#7
|
|
 Forum Addict Group: Global Moderator Posts: 20,642 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
One way to look at those firewall warnings is to see WHAT applications are involved, and ask yourself why in the world would it need to communicate.
Cheers, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
Jan 16 2005, 11:21 AM
Post
#8
|
|
|
Voted most likely Group: Members Posts: 3,675 Joined: 19-September 04 From: Collingwood, Ontario, Canada Member No.: 2,883 |
Lots of good information here about which ports are used for what, different firewalls, a bunch of sites that scan your computer, info on routers etc.
-------------------- **** We use our powers for good, not evil **** When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo |
|
|
|
|
Jan 16 2005, 11:46 AM
Post
#9
|
|
 Forum Regular Group: Members Posts: 171 Joined: 29-April 04 From: London UK Member No.: 256 |
If you are using ZA, either free or Pro, the ZA users' forum can be really helpful
http://forums.zonelabs.com/zonelabs Doing a search there for "port 1025" brings up 2357 instances of references to it! http://catsearch.zonelabs.com/search/catse...sp-a=sp10030ad9 I had a query a while back - didn't read all 2357 of them though! I find the event alerts rather annoying, so I don't have them displayed, just logged invisibly - I just keep the program alerts visible. Luci2a
This post has been edited by luci2a: Jan 16 2005, 11:47 AM -------------------- Dell Dimension 4550, Intel Pentium 4 2.53 GHz, 512 MB RAM, HDD 74.4GB, 16MB ATI Rage 128 AGP 4X, XP Pro SP2, Mozilla Firefox 2 (default), IE7, OE6, AVG 7.5, D link DSL-G604T firewalled router, Pest Patrol, Spyware blaster, Spybot S&D, Ad-aware, A squared, IESpyad, SpywareGuard, Winpatrol
|
|
|
|
|
Jan 16 2005, 12:01 PM
Post
#10
|
|
|
Member Group: Members Posts: 51 Joined: 12-January 05 Member No.: 9,400 |
Leurgy, I am using Sygate PF which I have found to be pretty good for a free program. I'm satisfied with it anyway. As for the P2P bit, I don't do any file sharing or download music, so I don't know why it should be looking for me, or do they just look for people randomly?
Georgia & twinsdad, yes it is an interesting topic and one which I feel that I should learn more about, the trouble is it's so hard for this old head to take it all in though, but I will give it a good go. Incidentally this all started when I got lumbered with a couple of trojans just before Christmas, the first nastys that I have ever had, so I thought that I should check my firewall security and try to tighten things up. As part of my checks I visited Gibson Research and used his excellent ShieldsUP program which showed that I had a port open. After a bit of trial and error I traced where the problem was and altered the firewall from allow to ask. Now when I use ShieldsUP I pass with flying colours, the only trouble is I get all these pop ups now hence this thread....OG. |
|
|
|
|
Jan 16 2005, 12:19 PM
Post
#11
|
|
|
Member Group: Members Posts: 51 Joined: 12-January 05 Member No.: 9,400 |
luci2a, Had a quick look at that site, and even though I'm not on Zone Alarm I think that it will give me a bit more information about port 1025, don't think I will be reading all 2357 instances either. Cheers....OG
|
|
|
|
|
Jan 16 2005, 12:44 PM
Post
#12
|
|
|
Voted most likely Group: Members Posts: 3,675 Joined: 19-September 04 From: Collingwood, Ontario, Canada Member No.: 2,883 |
A lot of those alerts are pings and lost packets (packets that are misdireted for one reason or another). Nothing to worry about, just normal internet traffic. If you have a cable or dsl modem you will see the messages light flashing all the time. Thats internet traffic that has gone astray that the modem turns aside, even though it doesn't have a firewall it knows its not yours.
That alert that you asked about in the first post was probably looking for another machine. Unless you specifically ask for a Static IP Address (one that doesn't change) from your ISP, you are given a Dynamic one. What that means is that everytime you log on to the internet you are assigned a new IP Address. ISP's have blocks of IP Adresses that they lease when they register a domain name (say, AOL.com). When you log on you are given the next available one. So the if the person who had the one yesterday, that you have now, was using a P2P program, and someone who was downloading from him wants to complete a download, the P2P program goes looking for that IP Address he had yesterday for the rest of the download but it comes to you because you now are using that IP Address. Ergo, lost packet. Hope thats not too confusing.  By the way, if you want to see your current IP Address, go to Start>Run and type in winipcfg and click ok. In the box at the top, click the drop down arrow and select your Network Adapter (usually the other one, not PPP adapter). Write it down. Next time you log on to the internet it will probably be different. -------------------- **** We use our powers for good, not evil **** When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo |
|
|
|
|
Jan 16 2005, 03:26 PM
Post
#13
|
|
|
Forum Regular Group: Members Posts: 171 Joined: 29-April 04 From: London UK Member No.: 256 |
Hi OG
I do remember the ZA search bringing up some unexpected causes of port 1025 being open - Dell and Lexmark printers, mstask.exe, FTP server, the ZA AV scanning engine to name but a few! Good luck! Luci2a
-------------------- Dell Dimension 4550, Intel Pentium 4 2.53 GHz, 512 MB RAM, HDD 74.4GB, 16MB ATI Rage 128 AGP 4X, XP Pro SP2, Mozilla Firefox 2 (default), IE7, OE6, AVG 7.5, D link DSL-G604T firewalled router, Pest Patrol, Spyware blaster, Spybot S&D, Ad-aware, A squared, IESpyad, SpywareGuard, Winpatrol
|
|
|
|
|
Jan 17 2005, 12:06 PM
Post
#14
|
|
|
Member Group: Members Posts: 51 Joined: 12-January 05 Member No.: 9,400 |
Thanks everybody for your replies.
Leurgy,Yes I did know that my IP Address changed every time that I log on, so does that mean that I can permanently bar that alert in my first post then? I had a quick look at that site that you recomended and it seems as if it might answer a lot of the questions that I have, cheers. luci2a, The file that I changed to ask in my applications was Generic Host Process-svchost.exe, ever since then everything's been fine, exept for these annoying alerts. Thanks again...OG. |
|
|
|
|
Jan 17 2005, 12:30 PM
Post
#15
|
|
|
Forum Addict Group: Global Moderator Posts: 20,642 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
There are two kinds of pop up notifications when you use sygate. After a while, you may want to change the notiifications off and rely more on the logs for information.
See the info in help contents/getting around/ understanding pop up messages. Cheers, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 3rd December 2008 - 02:53 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.