Zonealarm...


12 replies to this topic

#1 Lily Livered

Posted 06 November 2005 - 02:23 AM

Tonight when I got on the Internet and opened ONLY two different forums that I frequent (this one and another), I kept getting Blocked alerts. For about two hours, every 10-15 minutes, I was getting five messages over and over. They were:

1. The firewall has blocked Internet access to MAC.gateway.2wire.net (172.16.1.38) (Port 445) from your computer (TCP Flags: S)

2. The firewall has blocked Internet access to MAC.gateway.2wire.net (172.16.1.38) (NetBIOS Session) from your computer (TCP Flags: S)

3. The firewall has blocked Internet access to 172.16.1.38 (NetBIOS Datagram) from your computer.

4. The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping') from MAC.gateway.2wire.net (172.16.1.38)

5. The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping') MAC.gateway.2wire.net (172.16.1.38)


'Blocked' is good, I presume. But after reading the Firewall tutorial here at BC last night and then this happening so frequently over a 2 hour period tonight, I decided I need to know more about how to use the Firewall to the best advantage. I remember reading once about the ACCESS--Trusted/Internet and SERVER--Trusted/Internet but can't find it now. I went looking for info on whether to checkmark or leave the questionmarks, but can't find that either now.

Would anyone be willing to point me in the right direction or explain these ACCESS and SERVER to me--how to handle each ? and whether to checkmark?

Or have a look at my screenshot and tell me if it looks like it should? And if any of this post is dangerous to be made public, please delete or edit it for me.

ETA: I am reading ZA's help manual thingy at present, but still don't know what to do about all those question marks. And last but not least, thank you.

Posted Image

Edited by Lily Livered, 06 November 2005 - 02:28 AM.

Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox



#2 Rimmer

Posted 06 November 2005 - 05:56 AM

So you've updated and scanned with all your anti-xyz software?

I did a whois search on that IP address and it came back as part of a reserved block of addresses for IANA which appears to be an internet address management authority so it could just have been part of a sweep to see who's 'out there'.

The basic idea with the tick/?/X in Zone alarm is to allow/question/deny internet or LAN access to applications. If you tick everything then you weaken your firewall, if you X everything then nothing will work and if you ? everything then you will have to answer a lot of questions. The Access right means (in my limited understanding) the application can send and receive data, the Server right means it can do this even if that data is not for your use - in other words the application will receive, process and send data unrelated to what you are doing on your PC at the time. As ZA says, very few apps need Server rights so I'd give them all an X and wait to see if something stops working.
In the Access area apps like CCleaner and CWshredder don't need internet access - they probably just want to inform you of an "exciting new update" every now and again so give them the X as well. I'd do the same for Windows Media Player (but that's just me). You should tick Access for your trusted anti-spyware apps like Adaware and Spybot S&D etc otherwise how will you get them updated?

You can experiment, put an ? against the application then run it. Does it ask for access to the internet before it opens? If yes and it is a trusted application then, in the Zone Alarm dialog which opens, tick the 'remember this decision' box before you click 'Allow'. That will change the ? to a 'tick'. If it doesn't ask it doesn't need internet access to run and you can give it an X.

You should also look at the reporting/notification settings in ZA, if it has blocked stuff you probably don't want (or need) to know about it right then, it can just put the event in a log file and you can look at it later.
:thumbsup:

Edited by Rimmer, 06 November 2005 - 06:05 AM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 Lily Livered

Posted 07 November 2005 - 01:42 AM

I'm scared to even try to respond, Rimmer, so please be gentle with me...

Okay, I don't understand "LAN access". It has something to do with wireless, right?

I do understand that if I tick everything, I weaken...if I X everything then nothing will work and that if I ? everything I'll have to answer a lot of questions.

The Access right means (in my limited understanding) the application can send and receive data, the Server right means it can do this even if that data is not for your use - in other words the application will receive, process and send data unrelated to what you are doing on your PC at the time.


And they don't need to be doing that---sending receiving processing data unrelated to what I'm doing on the pc at the time? What kind of thing would they be sending, receiving, processing? WHY would they be doing that if it had nothing to do with what I was doing (like running their application, right?) In my ignorance of this, it sounds like they would be using my pc for their own purposes against my wishes; sounds kind of like a malware-type thing to me, even if it isn't.

When you say that you'd give them all an X on Server rights, do you mean an X in 'Trusted' AND 'Internet'? Or just in the 'Internet' column, like this:

Posted Image


I know, I'm not doing too well here. I guess I don't "get" Trusted as opposed to Internet. I think I understand the Internet part, but not the Trusted thing (ACCESS).

Really, I'd totally understand if you just conveniently forgot to respond to this thread again. I'll figure it out somehow.

Thank you for the explanations you gave....it wasn't all in vain. I did understand parts of it.
Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox

#4 Rimmer

Posted 07 November 2005 - 04:52 AM

Really, I'd totally understand if you just conveniently forgot to respond to this thread again. I'll figure it out somehow.


You don't get out of it that easily! :thumbsup:

I'm no expert on this, I'm just saying what I think I know. The detail I could be wrong about - it's up to yourself or others to correct me, but the basic ideas I'm fairly confident about.

LAN = Local Area Network, is the network you have in your house for example. It links your PCs with your router or with a print server. It could be wired, it could be wireless, it's still the LAN.
If you have a communications link to another house or another city or another country then that is a WAN or Wide Area Network and things operate in a slightly different way. The Internet links LANs together over a WAN.
So in simple terms the LAN is your stuff and the WAN (or Internet) is the link to the rest-of-the-world.
The job of a firewall is to prevent unauthorised access to your PC by malicious people (or robots, or programs). Usually these malicious types are not in your home (I hope) they are in the 'rest-of-the-world' so the firewall has to distinguish between access from your home and access from elsewhere. It does this by defining two zones, Trusted and Internet. In the Trusted zone you put your home LAN (usually the firewall is smart enough to figure out that bit for itself) and everything else goes in the Internet zone. You can add or delete things from the two zones as required. For example if you had a friend down the street and you had some communications link between their PC and yours and wanted to share data you could add them to the trusted zone.

Re Server rights:

What kind of thing would they be sending, receiving, processing? WHY would they be doing that if it had nothing to do with what I was doing (like running their application, right?) In my ignorance of this, it sounds like they would be using my pc for their own purposes against my wishes; sounds kind of like a malware-type thing to me, even if it isn't.


I may not have explained this very well, since I don't understand it very well, but the sort of thing I'm talking about would be checking for updates, reporting quality of service statistics, or yes, just plain reporting back to base on how you use the application. Usually this is benign but unnecessary. For example do you really want Acrobat Reader to be able to connect to the Adobe corporation via the internet, dump some statistics and check for updates and special offers every time you open a pdf document? I don't. An X in the Server/Internet column stops it from doing that. The Server/Trusted column is probably irrelevant because Acrobat is not going to be asking your router for update info, or if it does it won't get a sensible answer. But it's not malware activity (although some come very close!).

When you say that you'd give them all an X on Server rights, do you mean an X in 'Trusted' AND 'Internet'?

Yes, in a domestic LAN there's not going to be any application updates (for example) coming from one of your own computers. (But there could be if you were on a corporate LAN so the option is there.)

Re Access rights:
This is the ability to send and receive data if required. For example Windows Explorer - this gives you a graphic view of the files and folders on your computer - it can also be used to give a view of the files and folders on other PCs on your LAN. That's useful, so give it a tick in the Trusted zone (under Access). Are you going to use Windows Explorer (not Internet Explorer) to view files and folders across the Internet? NO. I don't even know if that's possible. So give it an X under Access/Internet. Are you interested in getting updates, or sending usage statistics to Microsoft, about Windows Explorer (if such a thing were possible)? NO. So give it an X under Server/Trusted and Internet. (You'll get your updates via Windows Update anyway). What does all this achieve? Well it means if some virus or worm infected Windows Explorer it would not be able to use that path to propagate itself to the rest of the internet community.
Similarly with your other applications, ask yourself "What do they do?" and configure Zone Alarm accordingly. If you don't know - that's what the ? is for.

Geez I rabbit on. :flowers:

I hope this verbose simplification has been of some help.
:trumpet:

Edited by Rimmer, 07 November 2005 - 05:00 AM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.
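As an added example (not part of any poster's reply, and not ZoneAlarm's own code), the sketch below parses the five alert lines from post #1 and applies the Trusted/Internet zone idea from post #4 to the peer address. It shows that 172.16.1.38 lies in the RFC 1918 private range 172.16.0.0/12, so it is a device on the local network, and that it is only treated as Internet because no Trusted entry covers it. The `ASSUMED_TRUSTED` subnet and all function names are assumptions made for illustration; the thread does not state the real LAN range.

```python
import ipaddress
import re

# The five alert texts from post #1, copied from the thread.
ALERTS = [
    "The firewall has blocked Internet access to MAC.gateway.2wire.net (172.16.1.38) (Port 445) from your computer (TCP Flags: S)",
    "The firewall has blocked Internet access to MAC.gateway.2wire.net (172.16.1.38) (NetBIOS Session) from your computer (TCP Flags: S)",
    "The firewall has blocked Internet access to 172.16.1.38 (NetBIOS Datagram) from your computer.",
    "The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping') from MAC.gateway.2wire.net (172.16.1.38)",
    "The firewall has blocked Internet access to your computer (ICMP Echo Request ('Ping') MAC.gateway.2wire.net (172.16.1.38)",
]

# Alert wording -> what the traffic is (well-known port assignments).
SERVICES = {
    "Port 445": "SMB file sharing (TCP 445)",
    "NetBIOS Session": "NetBIOS session (TCP 139)",
    "NetBIOS Datagram": "NetBIOS datagram (UDP 138)",
    "ICMP Echo Request": "ping",
}

# Assumption: a Trusted-zone entry covering the gateway's subnet; the thread
# never states the real LAN range.
ASSUMED_TRUSTED = [ipaddress.ip_network("172.16.0.0/16")]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_alert(text):
    """Extract peer address, direction and service from one alert line."""
    match = IPV4.search(text)
    if match is None:
        raise ValueError("no IPv4 address in alert: " + text)
    return {
        "ip": ipaddress.ip_address(match.group()),
        # "access to your computer" = the peer contacted this PC.
        "direction": "inbound" if "access to your computer" in text else "outbound",
        "service": next((v for k, v in SERVICES.items() if k in text), "unknown"),
        "syn": "TCP Flags: S" in text,  # S = SYN, a new connection attempt
    }

def zone(ip, trusted_nets):
    """Trusted if the peer is inside a configured Trusted network, else Internet."""
    return "Trusted" if any(ip in net for net in trusted_nets) else "Internet"

def summarize(alerts, trusted_nets):
    """One row per alert: direction, service, peer, RFC 1918 private?, zone."""
    parsed = [parse_alert(t) for t in alerts]
    return [(a["direction"], a["service"], str(a["ip"]), a["ip"].is_private,
             zone(a["ip"], trusted_nets)) for a in parsed]

if __name__ == "__main__":
    for row in summarize(ALERTS, []) + summarize(ALERTS, ASSUMED_TRUSTED):
        print(row)
```

With an empty Trusted list every row lands in the Internet zone even though the peer is a private address; with the assumed subnet added, the same five alerts classify as Trusted.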

#5 Lily Livered

Posted 07 November 2005 - 09:26 AM

Ahhh...the light is beginning to shine! I'm "getting" it much better now. So sorry to be such a dingdong :thumbsup:

I truly appreciate your taking the time to help me understand. I'll work with it from this explanation and seek you out if I have another question!

Thanks, Rimmer :flowers:
Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox

#6 luci2a

Posted 07 November 2005 - 09:31 AM

Just popping by to say Rimmer you are a star! That is really the most helpful explanation of how ZA should be configured that I have ever seen! :thumbsup:

.....who's in charge of the awards for serious helpfulness? I reckon you deserve another one!

Luci2a

#7 Lily Livered

Posted 07 November 2005 - 09:44 AM

Hi Luci!

I see you're the one I copycatted from on the sig....it was such a good idea! I also see that I left some out on mine--ZoneAlarm, duh!!.....thanks; I may not have noticed had you not posted here.

And that WAS a very helpful explanation from Rimmer!!

Edited by Lily Livered, 07 November 2005 - 09:46 AM.

Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox

#8 luci2a

Posted 07 November 2005 - 09:58 AM

Hi Lily!

Glad my sig was helpful! I got the idea from another board where they suggested it so that the mods knew what you had without having to go through a whole lot of questions.

...and actually, mine is out of date as I got fed up with not being able to configure ZA properly, then one of its updates was so flawed that it crashed everyone's systems, and I got a firewalled router....so I turned ZA off!
(version 6 seems to have been pretty bad for some people)

I now just use the router's firewall and the XP firewall, which never ask me any awkward questions!

I think Rimmer is great! Very patient and courteous. :thumbsup:

Now I should update my sig!

#9 Rimmer

Posted 07 November 2005 - 06:26 PM

Hey, cut it out you two! :thumbsup: :flowers: :trumpet:

You're quite right about the signatures, they are very helpful to everyone answering a question. We must lobby the 'powers-that-be' to make a topic in the 'New User Orientation' forum.
I'd better fix up my own first.... :inlove:
:)

Edited by Rimmer, 07 November 2005 - 06:30 PM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#10 luci2a

Posted 08 November 2005 - 02:46 AM

Ooh Rimmer - so glad to have been useful! :thumbsup:

#11 Lily Livered

Posted 08 November 2005 - 02:51 AM

Ah Luci, but did you use a particular font? I didn't. Rimmer, what font did you use?

Actually, it's scary to put the pc info in the sig or in a post for that matter because I paid high dollar for this computer yet don't even know if I have anything good on it so I wonder how many are laughing at my sig!! <rollyeyes here><laugh here>
Dell Inspiron 6000--Mobile Intel Pentium M 730J/1.60GHz--512MB--60 or 80GB HD, can't remember for sure--wireless--XP Home SP2
AVG--ZoneAlarm--Ad-Aware SE--Spybot S&D--SpywareBlaster--SpywareGuard--Ewido--a-squared--CCleaner--HJT--IE and Firefox

#12 luci2a

Posted 08 November 2005 - 03:15 AM

I used Arial size 1. Now I'm going to play with the colours a bit!

I'm not laughing at you anyway - we seem to have pretty similar set-ups! :thumbsup:

Luci2a

#13 Rimmer

Posted 08 November 2005 - 04:26 AM

Acting on a tip-off from Rigel I set the font to 'Trebuchet MS', size=1 but it's still too big.
Nice font though. :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.



