Zone Alarm Q [Archive] - SpeedGuide.net Broadband Community



Jim
03-20-01, 03:51 AM
When Zone Alarm says something like "it has blocked access to your computer from xxx.xxx.xxx.xxx", what exactly does this mean? A WHOIS check usually reveals that it's someone on a RoadRunner connection. What exactly does this mean though? Someone with RoadRunner as their ISP was trying to get in? Scanning my ports?

Roody
03-20-01, 06:42 AM
Originally posted by BIGJIMSLATE:
When Zone Alarm says something like "it has blocked access to your computer from xxx.xxx.xxx.xxx", what exactly does this mean? A WHOIS check usually reveals that it's someone on a RoadRunner connection. What exactly does this mean though? Someone with RoadRunner as their ISP was trying to get in? Scanning my ports?


Well, it's possible that if RR is your provider, they may be pinging you as routine. I would monitor the IP and see how much it happens. If you are worried about it you can always go ahead and call RR and ask them if that pinging is coming from them. Sorry I wasn't more helpful.

Jim
03-20-01, 06:59 AM
No, I'm on Adelphia's cable networks. And it's not ALWAYS Road Runner, but I'd say about half of the IPs go back there.

It doesn't happen TOO often, but at least once a week where Zone Alarm will say it blocked access.

Silver
03-20-01, 10:23 AM
Wouldn't worry too much, Jim. A lot of that is just random scans, I believe. Normally what to look for are mass attacks, such as 5-more warnings from the same IP on different ports; that would basically be someone scanning you. As far as warnings, I get about 10-15 a day. Just random stuff though. I pay attention to the ones that hit me hard. Like on IRC one day, there was a guy in one of the channels that I go to that had a script that upon joining the channel would hit you 18 times. He didn't even know it was doing it. Freaked me out though. Hehe, so random scans I wouldn't worry about. Whenever you pull up Zone and you have like 32 alerts from the same IP, that's when I would worry.
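
Silver's rule of thumb above, as an added example that is not part of the original thread: group blocked-access alerts by source IP and separate background noise from a port scan or a burst of repeated hits. The CSV layout, the function name and the sample lines are assumptions constructed for illustration (this is not ZoneAlarm's real log format), and the thresholds read the post's "5-more" as five or more different ports and take 32 as the alert count worth worrying about.

```python
import csv
import io
from collections import defaultdict

# Constructed sample alerts in a simplified layout (an assumption, not
# ZoneAlarm's actual log format): date,time,source_ip,dest_port,protocol
# Source addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = (
    "2001/03/20,03:51:02,192.0.2.10,27374,TCP\n"          # one stray probe
    "2001/03/20,09:14:40,198.51.100.7,21,TCP\n"           # one IP walking ports
    "2001/03/20,09:14:41,198.51.100.7,22,TCP\n"
    "2001/03/20,09:14:41,198.51.100.7,23,TCP\n"
    "2001/03/20,09:14:42,198.51.100.7,25,TCP\n"
    "2001/03/20,09:14:42,198.51.100.7,80,TCP\n"
    "2001/03/20,09:14:43,198.51.100.7,110,TCP\n"
    + "2001/03/20,10:23:00,203.0.113.5,113,TCP\n" * 18    # 18 hits, one port
)

PORT_SPREAD_THRESHOLD = 5   # same IP on this many different ports: likely scan
VOLUME_THRESHOLD = 32       # same IP with this many alerts: worth a closer look


def classify_sources(log_text,
                     port_threshold=PORT_SPREAD_THRESHOLD,
                     volume_threshold=VOLUME_THRESHOLD):
    """Return {source_ip: verdict} for every source seen in the log text."""
    ports = defaultdict(set)    # source IP -> distinct destination ports
    counts = defaultdict(int)   # source IP -> total alerts
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[3].isdigit():
            continue            # skip blank or malformed lines
        src, dport = row[2], int(row[3])
        ports[src].add(dport)
        counts[src] += 1

    verdicts = {}
    for src, total in counts.items():
        if len(ports[src]) >= port_threshold:
            verdicts[src] = "port scan"
        elif total >= volume_threshold:
            verdicts[src] = "repeated hits"
        else:
            verdicts[src] = "background noise"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict}")
```
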

Scoot
03-20-01, 10:55 AM
You can learn what those alerts are telling you by reading Robert Graham's:
FAQ: Firewall Forensics (What am I seeing?) (http://www.robertgraham.com/pubs/firewall-seen.html)

lewis
03-20-01, 01:18 PM
A really sweet program that breaks down and explains what the ZA alerts mean is called Zonelog. It is a separate program from ZA. Get it here (http://www.zonelog.co.uk/)

You just import the ZA logs into it and it'll tell you pretty much everything.

(originally posted by 'Norm' @ Speedcorp)

[ 03-20-2001: Message edited by: lewis ]

quiet sound
03-20-01, 06:14 PM
Not too long ago ZA (not Pro version) stopped writing to the log file. It's there, the name is correct and the box in ZA is checked for sending the alerts to the log, it just doesn't do it anymore. Any ideas?