Firewall


15 replies to this topic

#1 Old Gimmer

Posted 15 January 2005 - 10:05 AM

Hello, I wonder if somebody can answer this question please?

When my firewall pops up and says that something is trying to gain access to my computer, do I want to allow it or not? Is there a way of finding out more information about it? For example, at the moment I am getting one saying, 'Win 32 services (Svchost.exe) is being contacted from remote machine using local port 1025 (listen-listener-remote file sharing)'.

Now how do I go about finding out what all that means, because I haven't got a clue?

Thanks in anticipation...... O.G.



#2 KoanYorel

Posted 15 January 2005 - 10:12 AM

In most instances you'll want to deny access.

Here's a link I use to check ports being scanned.

Site is called "LinkLogger - Whos visited you today?"

And this particular link tells about 1025

http://www.linklogger.com/TCP1025.htm

Wait for some of our other "Pros" comments on this subject also.

regards,
~Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Old Gimmer

Posted 15 January 2005 - 06:59 PM

Thanks for that Koan, it makes interesting reading, but unfortunately a lot of that goes way over my head. It's a pity that there isn't a web site where I could go and type the relevant bits of my firewall message in and get the information I am seeking back. Anyway thanks again...OG.

#4 Leurgy

Posted 16 January 2005 - 01:42 AM

Which Firewall are you using?

That Alert sounds like something is looking for your P2P Program. That would be one that is used for downloading songs and such.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 georgia

Posted 16 January 2005 - 08:41 AM

Interesting topic, I get pop ups as well and it does say more info. But when I click on it there really isn't much there.
Most of mine have been on ports 137 and 1031 and some say website trying to gain access. This is with ZAP.
I agree it would be nice if there was a place to find out instantly what really was going on. My present practice is to deny unless there are spelled out details of what is trying to gain access and I am comfortable with what it is.
It took me some reading and fiddling around with this version to decide to buy it and so far I haven't any regrets except for the resources it uses, and then the issue in this post that this member has identified.
I hope that there will be further comments on this.
Looking forward to them!! :thumbsup:
Talent is a flame. Genius is a fire.

#6 twinsdad

Posted 16 January 2005 - 09:34 AM

An interesting topic. I installed ZoneAlarm (my first firewall) about a month ago after a system restore. Prior to that I was essentially "naked" except for AVG. Truly amazing to see the numerous ZA popups alerting me about something trying to gain access, most of which I do not recognize and certainly don't want. Thanks BC! :thumbsup:
"Love to eat them mousies, mousies what I like to eat; bite they little heads off, nibble on they tiny feet". B. Kliban

#7 jgweed

Posted 16 January 2005 - 10:54 AM

One way to look at those firewall warnings is to see WHAT applications are involved, and ask yourself why in the world would it need to communicate.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.
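
Seeing which application is involved, as suggested in the post above, means mapping the port named in the alert to the owning process and, for svchost.exe, to the services hosted inside it. The following is an added example, not part of the original thread: it parses output of `netstat -ano` and `tasklist /svc`, and both sample outputs (PIDs, addresses, service names) are constructed for illustration.

```python
# Added example: map a listening TCP port from a firewall alert to its owning
# process and, for svchost.exe, the services hosted in that process.
# Both samples are constructed; capture real ones with `netstat -ano` and
# `tasklist /svc`.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1048
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1780
  TCP    192.168.1.10:1090      203.0.113.5:80         ESTABLISHED     2204
"""
TASKLIST_SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                 1048 Schedule, Themes
alg.exe                     1780 ALG
firefox.exe                 2204 N/A
"""

def parse_listeners(netstat_text):
    """Return {port: (bind_address, pid)} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            address, _, port = fields[1].rpartition(":")
            listeners[int(port)] = (address, int(fields[4]))
    return listeners

def parse_services(tasklist_text):
    """Return {pid: (image_name, [service, ...])} from `tasklist /svc` output."""
    processes = {}
    for line in tasklist_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[1].isdigit():
            svc = fields[2].strip()
            names = [] if svc == "N/A" else [s.strip() for s in svc.split(",")]
            processes[int(fields[1])] = (fields[0], names)
    return processes

def explain_port(port, netstat_text=NETSTAT_SAMPLE, tasklist_text=TASKLIST_SAMPLE):
    """Describe what is listening on `port`, or return None if nothing is."""
    listener = parse_listeners(netstat_text).get(port)
    if listener is None:
        return None
    address, pid = listener
    image, services = parse_services(tasklist_text).get(pid, ("unknown", []))
    # A loopback bind cannot be reached from another machine; 0.0.0.0 can.
    remote = not (address.startswith("127.") or address == "[::1]")
    return {"port": port, "pid": pid, "image": image,
            "services": services, "reachable_from_network": remote}
```

Calling `explain_port(1025)` on the constructed data reports a svchost.exe instance bound to all interfaces, which is the kind of listener a personal firewall prompts about when a remote machine contacts it.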

#8 Leurgy

Posted 16 January 2005 - 11:21 AM

Lots of good information here about which ports are used for what, different firewalls, a bunch of sites that scan your computer, info on routers etc.



#9 luci2a

Posted 16 January 2005 - 11:46 AM

If you are using ZA, either free or Pro, the ZA users' forum can be really helpful
http://forums.zonelabs.com/zonelabs
Doing a search there for "port 1025" brings up 2357 instances of references to it!
http://catsearch.zonelabs.com/search/catse...sp-a=sp10030ad9

I had a query a while back - didn't read all 2357 of them though!
I find the event alerts rather annoying, so I don't have them displayed, just logged invisibly - I just keep the program alerts visible.

Luci2a :thumbsup:

Edited by luci2a, 16 January 2005 - 11:47 AM.


#10 Old Gimmer

Posted 16 January 2005 - 12:01 PM

Leurgy, I am using Sygate PF which I have found to be pretty good for a free program. I'm satisfied with it anyway. As for the P2P bit, I don't do any file sharing or download music, so I don't know why it should be looking for me, or do they just look for people randomly?

Georgia & twinsdad, yes it is an interesting topic and one which I feel that I should learn more about, the trouble is it's so hard for this old head to take it all in though, but I will give it a good go. Incidentally this all started when I got lumbered with a couple of trojans just before Christmas, the first nasties that I have ever had, so I thought that I should check my firewall security and try to tighten things up. As part of my checks I visited Gibson Research and used his excellent ShieldsUP program which showed that I had a port open. After a bit of trial and error I traced where the problem was and altered the firewall from allow to ask. Now when I use ShieldsUP I pass with flying colours, the only trouble is I get all these pop ups now, hence this thread....OG.

#11 Old Gimmer

Posted 16 January 2005 - 12:19 PM

luci2a, Had a quick look at that site, and even though I'm not on Zone Alarm I think that it will give me a bit more information about port 1025, don't think I will be reading all 2357 instances either. Cheers....OG

#12 Leurgy

Posted 16 January 2005 - 12:44 PM

A lot of those alerts are pings and lost packets (packets that are misdirected for one reason or another). Nothing to worry about, just normal internet traffic. If you have a cable or DSL modem you will see the messages light flashing all the time. That's internet traffic that has gone astray that the modem turns aside; even though it doesn't have a firewall, it knows it's not yours.

That alert that you asked about in the first post was probably looking for another machine. Unless you specifically ask for a Static IP Address (one that doesn't change) from your ISP, you are given a Dynamic one. What that means is that every time you log on to the internet you are assigned a new IP Address. ISPs have blocks of IP Addresses that they lease when they register a domain name (say, AOL.com). When you log on you are given the next available one. So if the person who had the one yesterday, that you have now, was using a P2P program, and someone who was downloading from him wants to complete a download, the P2P program goes looking for that IP Address he had yesterday for the rest of the download but it comes to you because you now are using that IP Address. Ergo, lost packet.

Hope that's not too confusing. :thumbsup:

By the way, if you want to see your current IP Address, go to Start>Run and type in winipcfg and click ok. In the box at the top, click the drop down arrow and select your Network Adapter (usually the other one, not PPP adapter). Write it down. Next time you log on to the internet it will probably be different.



#13 luci2a

Posted 16 January 2005 - 03:26 PM

Hi OG
I do remember the ZA search bringing up some unexpected causes of port 1025 being open - Dell and Lexmark printers, mstask.exe, FTP server, the ZA AV scanning engine to name but a few!

Good luck!

Luci2a :thumbsup:

#14 Old Gimmer

Posted 17 January 2005 - 12:06 PM

Thanks everybody for your replies.

Leurgy, yes I did know that my IP Address changed every time that I log on, so does that mean that I can permanently bar that alert in my first post then? I had a quick look at that site that you recommended and it seems as if it might answer a lot of the questions that I have, cheers.

luci2a, The file that I changed to ask in my applications was Generic Host Process-svchost.exe, ever since then everything's been fine, except for these annoying alerts. Thanks again...OG.

#15 jgweed

Posted 17 January 2005 - 12:30 PM

There are two kinds of pop up notifications when you use Sygate. After a while, you may want to turn the notifications off and rely more on the logs for information.
See the info in help contents/getting around/understanding pop up messages.

Cheers,
John