The Magic Café
Username:
Password:
[ Lost Password ]
  [ Forgot Username ]
The Magic Cafe Forum Index » » Not very magical, still... » » ZoneAlarm Firewall and Hackers (0 Likes) Printer Friendly Version

fhood
View Profile
New user
Southern California
86 Posts

Profile of fhood
I posted this same message under the "AOL Worm" thread, but wanted to repeat it here because that thread is getting old.

Thanks for the info on ZoneAlarm firewall. I downloaded it (yes, it was FREE). Now, however, I keep getting alerts popping up every 5 or 8 minutes or so saying that a remote computer (?) is attempting to connect to mine via port 1080 or port 137. Those seem to be the two ports that keep coming up. ZoneAlarm details informed me that no harm was done to my computer due to its presence. However, I am wondering who or what computer is trying to connect to mine?? I am not on any sort of LAN network -- I have a private, home computer for personal use only. The port 137 alert says that it is often used by networked computers on a LAN or something. How can this be since I'm not on a LAN??

Is a hacker repeatedly trying to get into my computer? Or is this just a "quirk" of having and using ZoneAlarm??

Any information from more experienced computer buffs would be appreciated!!

Thanks!

Frank
DavidEscapes
View Profile
Inner circle
I'm Special!
1003 Posts

Profile of DavidEscapes
Hi Frank

Don't take this answer as definative by any means, I am no expert. But it is probably being caused by a peice of software on your machine attempting to communicate with a server for whatever reason.

You can tell ZoneAlarm to not pop-up messages by double clicking on its icon and selecting:

Alerts and logs...
...main
Then highlighting off in the selection boxes.

You can still keep track of these alerts by looking at the alerts log, which is what comes up first when you click on alerts and logs.

Hope this helps.

Duncan
David Victor - The artist formally (and still occasionally) known as David Straitjacket.

My Website
Add me on facebook
fhood
View Profile
New user
Southern California
86 Posts

Profile of fhood
Thanks, Duncan!

Let me tell you this, however. One of the Alerts I got was about someone or some computer attempting to send me a "packet" over the Internet via one of my computer's ports. I clicked on the More Details tab on that alert and found out that the DNS Source was this: hn.radissonbolivia.com.bo

Well, I went into Google and did a search using that "name". I got 5 results for the Radisson Hotel in Bolivia! I have no connections whatsoever with the Radisson Hotel in Bolivia (or anywhere for that matter) nor do I have any connection with Bolivia! By the way, this has happened a few times, too. So this is what I'm picturing: some hacker sitting in a dimly lit hotel room at a Radisson Hotel in Bolivia trying to send me "packets" to my computer and in a sense trying to hack his or her way in. Could this be accurate???

Have you ever heard of such a thing (hn.radissonbolivia.com.bo)???

Thanks!

Frank
Peedlkyle
View Profile
New user
I live in my house
98 Posts

Profile of Peedlkyle
A packet simply means a "bunch" of data sent over the internet. All computers send packets, no harm done there. Zonealarm, at first, alerts you to ALL information going to and from your computer. For most people, this is happening on a constant basis with programs they have and such. Zonealarm can easily be configured to ignore this normal passage of information so you don't have to see the alerts so often. Ports are most often assigned to specific programs.

I do regret to inform you though, that port 1080 is used by Trojan Horses Subseven and Winhole, and that 137 is used by Trojans Chode, Qaz, and Msinit. Port 137 is also used by NETBIOS Name Service. I don't know what that is but I think it must be the "normally used by networks" message you got. I still would highly suggest you DO NOT ignore these warnings.

All the warnings COULD be harmless, but to make sure go to http://www.pandasoftware.com/ and try their free online virus scan or download AVG virus scan ( http://www.grisoft.com ) if you do not have a virus scanner already installed. They will most likely find these trojans if you have them and fix it up.

Zonealarm is pretty good at telling you what's wrong and usually can stop it, but the attempt is being made by someone. If Zonealarm is giving you an IP address (a string of numbers like 12.345.67.890 which is assigned to every computer on the internet) go to http://security.symantec.com and click "Trace a Potential Attack". Type in the IP address given to you and that will let you know if this really is coming from a Bolivian hotel. That site also offers two free online scans. One will look for viruses, and the other will find security holes.

I hope this helps you find out what's wrong.

PS: I haven't memorized any of the ports if that's what you're thinking. For anyone wishing to figure out which programs are assigned to which ports, you can find out here: http://www.treachery.net/security_tools/ports/. It's a very nice database for anyone worried about what's going on with their firewall.
On the other hand, you have different fingers.
fhood
View Profile
New user
Southern California
86 Posts

Profile of fhood
Thanks for that great information! I am going to visit the websites you mentioned and research this problem further.

Thanks again!

Frank
HiveMind
View Profile
Veteran user
303 Posts

Profile of HiveMind
When will the world stop misusing the term
Hacker? No offense but that word used to
mean good things until the ignorance of the
media got ahold of it and exchanged "Hacker"
for "Cracker"
"Free will is an illusion." - B.F. Skinner
Peedlkyle
View Profile
New user
I live in my house
98 Posts

Profile of Peedlkyle
I belive hacker, today at least, is used to describe both good and bad. There are many white hat hackers working for companies to fix their system because they understand how other (bad) hackers work. It's not an offensive term to say hacker alone, but obviously in this instance when someone is using Trojan Horses on someone else's system, they are most likely malicious.
On the other hand, you have different fingers.
HiveMind
View Profile
Veteran user
303 Posts

Profile of HiveMind
Yes, that's what I mean. The media has made
it that. Think about it, its more dramatic,
like a sorcerer's duel or something... its
just sad, since there WAS a term for what
everyone calls hacker now, it was "cracker"
They also occasionally make the mistake
of calling people who "hack" phones hacker...
there is a term for them too, phreaker.

I'm just bitter because the term that has
replaced "Hacker" is "Techie" and I hate
that word. Oh well it happens in the field
of magic sometimes too.
"Free will is an illusion." - B.F. Skinner
RiffClown
View Profile
Inner circle
Yorktown, Virginia (Previously Germany)
1579 Posts

Profile of RiffClown
If you truly want to know how your computer stacks up security-wise, check out https://grc.com/x/ne.dll?bh0bkyd2 . Use the Test my Shields and Probe my ports buttons for an honest appraisal you your defenses. In most cases, you can also get sound advice on closing your vulnerabilities. Steve Gibson is extremely knowledgable in computer security and gets my personal recommendation.

http://www.grc.com is a favorite on every one of my computers.

++ A word to the wise. ++ It is possible to secure a computer into uselessness so a little common sense is a big asset.
Rob "Riff, the Magical Clown" Eubank aka RiffClown
<BR>http://www.riffclown.com
<BR>Magic is not the method, but the presentation.
The Magic Cafe Forum Index » » Not very magical, still... » » ZoneAlarm Firewall and Hackers (0 Likes)
[ Top of Page ]
All content & postings Copyright © 2001-2020 Steve Brooks. All Rights Reserved.
This page was created in 0.12 seconds requiring 5 database queries.
The views and comments expressed on The Magic Café
are not necessarily those of The Magic Café, Steve Brooks, or Steve Brooks Magic.
> Privacy Statement <

ROTFL Billions and billions served! ROTFL