From: Marshall Price on

I often get alerts like this:

-------
ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to your computer (NetBIOS
Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
(4.232.33.145) (TCP Port 3436) [TCP Flags: S].
-------

Since the city name embedded therein is often my own (Miami), and I'm a
dial-up user, I suspect these might be coming from Earthlink, my own ISP.

How can I determine whether they are from Earthlink and whether to let
them through? What about other NetBIOS Session alerts?

If I click on "Don't show this dialog again," will I stop seeing all
security alerts? Should I?

--
Marshall Price of Miami
Known to Yahoo as d021317c
From: Steve Williamson on
On Dec 26, 3:36 pm, Marshall Price <d0213...(a)yahoo.com> wrote:
> I often get alerts like this:
>
> -------
> ZoneAlarm Security Alert
> Protected
> The firewall has blocked Internet access to your computer (NetBIOS
> Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
> (4.232.33.145) (TCP Port 3436) [TCP Flags: S].
> -------
>
> Since the city name embedded therein is often my own (Miami), and I'm a
> dial-up user, I suspect these might be coming from Earthlink, my own ISP.
>
> How can I determine whether they are from Earthlink and whether to let
> them through? What about other NetBIOS Session alerts?
>
> If I click on "Don't show this dialog again," will I stop seeing all
> security alerts? Should I?
>
> --
> Marshall Price of Miami
> Known to Yahoo as d021317c

BLOCK BLOCK, and I say again BLOCK 'em. Don't let these in! BLOCK 'em!
From: Marshall Price on
Steve Williamson wrote:
> On Dec 26, 3:36 pm, Marshall Price <d0213...(a)yahoo.com> wrote:
>> I often get alerts like this:
>>
>> -------
>> ZoneAlarm Security Alert
>> Protected
>> The firewall has blocked Internet access to your computer (NetBIOS
>> Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
>> (4.232.33.145) (TCP Port 3436) [TCP Flags: S].
>> -------
>>
>> Since the city name embedded therein is often my own (Miami), and I'm a
>> dial-up user, I suspect these might be coming from Earthlink, my own ISP.
>>
>> How can I determine whether they are from Earthlink and whether to let
>> them through? What about other NetBIOS Session alerts?
>>
>> If I click on "Don't show this dialog again," will I stop seeing all
>> security alerts? Should I?
>>
>> --
>> Marshall Price of Miami
>> Known to Yahoo as d021317c
>
> BLOCK BLOCK, and I say again BLOCK 'em. Don't let these in! BLOCK 'em!

All right, that's what I like to hear! Who needs NetBIOS, anyhow?

Tell me more! :-)

--
Marshall Price of Miami
Known to Yahoo as d021317c
From: "Mr. Arnold" MR. on

"Marshall Price" <d021317c(a)yahoo.com> wrote in message
news:13n4t87bs9qrjfb(a)corp.supernews.com...
>
> I often get alerts like this:
>
> -------
> ZoneAlarm Security Alert
> Protected
> The firewall has blocked Internet access to your computer (NetBIOS
> Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
> (4.232.33.145) (TCP Port 3436) [TCP Flags: S].
> -------
>
> Since the city name embedded therein is often my own (Miami), and I'm a
> dial-up user, I suspect these might be coming from Earthlink, my own ISP.
>
> How can I determine whether they are from Earthlink and whether to let
> them through? What about other NetBIOS Session alerts?

Well, if you have a computer that has a direct connection to the modem,
which is a direct connection to the Internet, then you remove Client for MS
networks and MS File and Print sharing off of the NIC (network interface
card) or the dial-up connection, and the NetBIOS ports are closed. The
computer cannot network with other computers. The computer shouldn't have
the ability to network with other computers while the computer has a direct
connection to the Internet (no router between the computer and the
Internet).
>
> If I click on "Don't show this dialog again," will I stop seeing all
> security alerts? Should I?

It doesn't matter when the ports are closed to begin with, because an attack
cannot be initiated on the ports when they are closed.
..
http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm


From: Marshall Price on
Mr. Arnold wrote:
> "Marshall Price" <d021317c(a)yahoo.com> wrote in message
> news:13n4t87bs9qrjfb(a)corp.supernews.com...
>> I often get alerts like this:
>>
>> -------
>> ZoneAlarm Security Alert
>> Protected
>> The firewall has blocked Internet access to your computer (NetBIOS
>> Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
>> (4.232.33.145) (TCP Port 3436) [TCP Flags: S].
>> -------
>>
>> Since the city name embedded therein is often my own (Miami), and I'm a
>> dial-up user, I suspect these might be coming from Earthlink, my own ISP.
>>
>> How can I determine whether they are from Earthlink and whether to let
>> them through? What about other NetBIOS Session alerts?
>
> Well, if you have a computer that has a direct connection to the modem,
> which is a direct connection to the Internet, then you remove Client for MS
> networks and MS File and Print sharing off of the NIC (network interface
> card) or the dial-up connection, and the NetBIOS ports are closed. The
> computer cannot network with other computers. The computer shouldn't have
> the ability to network with other computers while the computer has a direct
> connection to the Internet (no router between the computer and the
> Internet).

I'm not sure I understand, but I think you're saying that if all the
following conditions were met, they would present a vulnerability:

+ Connected to the Internet through a NIC (via ethernet)
+ NetBIOS enabled on that NIC
+ Client for MS Networks enabled
+ MS File and Print sharing enabled
+ Certain ports open

Right?

Also, I assume that for routine uses -- http, mail (including IMAP),
news, telnet, rlogin, etc. -- "networking" (which I don't quite
understand) with other computers (including my ISP's computers) is
neither necessary nor desirable. Is that right?

>> If I click on "Don't show this dialog again," will I stop seeing all
>> security alerts? Should I?
>
> It doesn't matter when the ports are closed to begin with, because an attack
> cannot be initiated on the ports when they are closed.
> .
> http://www.petri.co.il/what's_port_445_in_w2k_xp_2003.htm

Is port 445 a TCP port, or some other kind of port?

Each of these alerts indicates a TCP port (never the same one), but I
assume they refer to ports my ISP's computers are using for output, not
which ports they're addressed to on my computer.

I haven't seen port 445 among them, anyway, but I would like to find out
whether it's blocked.

Incidentally, I just received a rash of these alerts. Are they likely to
be initiated by Earthlink, or could they be coming from somebody who
read my post in this newsgroup and wants to have a bit of fun?

--
Marshall Price of Miami
Known to Yahoo as d021317c
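
Added example, not part of any post in this thread: a small Python parser for the alert text quoted above that separates the probed local service from the sender's port, flags a SYN-only packet as a new inbound attempt, and compares the sender's reverse-DNS name against a list of ISP domains. The function names, the extra NetBIOS label strings, the `earthlink.net` domain string, and the reading of "TCP Port N" as the remote source port are assumptions.

```python
import re

# Alert text as quoted in the first post of the thread.
ALERT = """The firewall has blocked Internet access to your computer (NetBIOS
Session) from dialup-4.232.33.145.Dial1.LosAngeles1.Level3.net
(4.232.33.145) (TCP Port 3436) [TCP Flags: S]."""

# NetBIOS-over-TCP/IP ports. Only the "NetBIOS Session" label appears in the
# thread; the other two label strings are assumptions.
SERVICE_PORTS = {"NetBIOS Name": 137, "NetBIOS Datagram": 138, "NetBIOS Session": 139}

ALERT_RE = re.compile(
    r"\((?P<service>[^)]+)\) from (?P<host>\S+) "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) "
    r"\((?P<proto>TCP|UDP) Port (?P<port>\d+)\)"
    r"(?: \[TCP Flags: (?P<flags>[A-Z]+)\])?"
)

def parse_alert(text):
    """Return the alert's fields as a dict, or None if the text does not match."""
    m = ALERT_RE.search(" ".join(text.split()))  # undo the line wrapping first
    if m is None:
        return None
    a = m.groupdict()
    # Assumption: the parenthesised service is the local port that was probed,
    # and "TCP Port N" is the remote sender's (ephemeral) source port.
    a["local_port"] = SERVICE_PORTS.get(a["service"])
    a["remote_port"] = int(a.pop("port"))
    # A lone SYN is a new connection attempt from outside, not a reply to
    # traffic this machine started.
    a["new_inbound_attempt"] = a["proto"] == "TCP" and a["flags"] == "S"
    # Naive: last two DNS labels. Wrong for suffixes such as .co.uk.
    a["host_domain"] = ".".join(a["host"].lower().split(".")[-2:])
    return a

def matches_isp(alert, isp_domains):
    """True if the reverse-DNS name sits under one of the given domains.
    The name is set by whoever runs the address block, so treat it as a hint."""
    host = alert["host"].lower()
    return any(host == d or host.endswith("." + d) for d in isp_domains)

if __name__ == "__main__":
    a = parse_alert(ALERT)
    print(a)
    print("under earthlink.net:", matches_isp(a, ["earthlink.net"]))
```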