So many alerts from zonealarm

[LuNoTiCK]

OK, I am gettin a little bit to many alerts from zonealarm. I know that this has been done with many times, but should I be worried? Cause when zonealarm blocks the person it makes my computer go slow for a while also. It's not like some of you getting it, but from yesterday at like 5:30, I got 38 alerts. Some people were blocked like 5 times. Is this just random, or should I do something about it? Lots of them are different ip addresses. Like one, it occured 5 times between 11:38:26 and 12:25:06. I scanned my computer and dont have a trojan or anything, I used a trojan cleaner by moosoft, and kaspersky antivirus.

Edit: I use AT&T Worldnet service.

 

[nam ng]

38 alerts , I'd say it does the job very well, myself I only get them when conversing with low-life 3dfx fanatics in forums with dubious MODS and Web-Masters. , switching ISP for different forums seperate clean forums from dirty ones.

 

[Helznicht]

HMM, that is a bit high, but not uncommon.

Also what network/isp provider you have? @home will scan thier own users ALOT, especially if it cant see them anymore (firewall). Im sure road runner and other do too (to make sure your not doing things you not supposed to, like run a porn server or something).

I personally got tired of the software firewall running and interfering with my programs (pop-up windows and such), So I bought a hardware router/firewall. I still occasionally run Zone Alarm to make sure im not sending out and that nothin slipped by.

 

[tigerbait]

I also get alot of alerts on Zonealarm. When @home does their scans, can they tell what you have going on? I use Zonealarm and it blocks all the packets they send, but if I had a router, would they be able to detect it, and if they could, do they go after the customer?

 

[Helznicht]

I assume you use one IP from @home and share it to several PCs by use of the router.

Well they can probally tell you have a router, if someone knowledgeable looks at the logs, but most wont know the tell-tale signs. Plus I dont think @home will want to charge you more. They charge per IP address, you only have one. BUT, if you ever call tech support, dont mention the words router, hub, switch or firewall...they dont support the use of them (although its ok for your use) tech support will literally hang up on you if you do.

What there mainly looking for is:

Web Servers
FTP Servers
24/7 Game Servers

These things suck bandwidth. Keep in mind even if you do have zonealarm running (meaning @home cant scan your ports), when you run one of these servers, the firewall will have to be opened up to work properly (zonealarm auto opens when you click OK for that application use inet). At that point, @home can see what your doing.

I hope I made sense.... Bottom line, @home wont come get ya for having a router.

PS: Would like to add, when you look at your logs its easy to see which ones are @home they are the 24.xxxx and the 26.xxxx ip hits. Just for Info.

 

[MrBond]

It'd be fairlty easy for them to tell if you have a router. They just have to attempt to telnet to the manager port on that router. My Netgear says "hello, welcome to netgear administrator" or something when you telnet, so they'd be able to at least see it.

My guess is they portscan for common ports used by web servers/ftp sites, etc. You can remidy this by either using a different port alltogether (Ie: setup your CS server on port 36741) or using a webcam port (which they wouldn't really care about.) Thats how we get around the monitering machines at college

 

[Helznicht]

"webcam port (which they wouldn't really care about.) "

Dont count on that... man they scan ALOT !

I wouldnt run anything shouldnt unless you could afford to lose that isp service......:frown:

 

[Dark]

MrBond: AS far as I know, you can't telnet to the internet interface of the netgear, you have to use the local one.

 

[MrBond]

Dark, I think you're right. I may have been getting it confused with the Cisco we have at work (which I believe you can telnet remotly into). I don't remember the port number for my netgear, otherwise I'd try it from work.

As far as the webcam port goes, they may see it being open, and assume it's a webcam. I don't remember exactly what port is common to webcams. I don't know what they use to scan, it might even tell them what service is running on that port. If that's the case, then there isn't anything you can do to hide an FTP site.

 

[LuNoTiCK]

I'm not using @home, I'm using at&t worldnet, but I will be switching to verizon dsl eventually, I been waiting forever, I know that they suck but I dont feel like waiting any longer, so eventually I will have verizon. The ip's are all from different places also, well at least the ones it shows. Seemed weird, but if it's normal it's no reason for me to be worried.

 

[Helznicht]

Isnt AT&T dial-up? Do they have a broadband service?

If it is dial-up, that is ALOT of Zone hits, I would be concerned....