possible hack
nigel docherty
06-08-01, 02:46 AM
i had cable installed a few weeks ago and am alarmed at the number of alerts i now receive from zonealarm.
previously with dial up, after a short time using zonealarm my alerts dropped to nil; however, i now find that i can receive 500 alerts over a relatively short period of time. i know that in a lot of cases this is not indicative of a problem, but this morning i switched on my pc, logged on to a local site and after about ten minutes noted about 25 alerts. i used the whois function and came up with the following information:
Registrant:
Vanderbilt University (VANDERBILT-DOM)
105 Computer Center
Nashville, TN 37240
US
Domain Name: VANDERBILT.EDU
Administrative Contact, Billing Contact:
Kyle, Frank (FK7) Frank.Kyle@VANDERBILT.EDU
Vanderbilt University/Academic Computing
143 Hill Center/PD Box 34
Nashville, TN 37203
615-322-2951
Technical Contact:
Burnum, Denson (DB161) burnum@CTRVAX.VANDERBILT.EDU
Vanderbilt University
Academic Computing and Information
Services
230 Appleton Place
143 Hill
Center/PD Box 34
Nashville, TN 37203
US
(615) 343-1618, (615) 322-2954, (615) 32
Record last updated on 29-Nov-2000.
Record created on 27-Jul-1987.
Database last updated on 7-Jun-2001 12:51:00 EDT.
Domain servers in listed order:
IP-SRV1.VANDERBILT.EDU 129.59.1.10
IP-SRV2.VANDERBILT.EDU 129.59.2.10
PUNCH.UTCC.UTK.EDU 128.169.201.2
now these details mean absolutely nothing to me.
i'm sitting in scotland, so why would someone in vanderbilt be trying to contact my pc immediately i switch it on? is this a hacking attempt or something more innocent? what action, if any, should i take?
zonealarm tells me it needs more information but that it did block the attempt.
thanks for any advice you can give.
ps. i'm now at alert thirty since starting to write this.
Here's a good site to start with
www.grc.com
Test your shields with the shields up link.
While you're there, read about the DDoS attacks he's been taking. There's lots of good stuff there to check out.
Cable modems are notorious for getting probed. I noticed the same thing when I switched from 56k to cable. A lot of them are harmless but you never know.
nigel docherty
06-08-01, 03:11 AM
i've been reading some other posts and wonder if this may be causing the problem.
i have recently tried both kazaa and limewire.
although when i turn my pc on i don't connect to these unless i want to search for something, if someone had previously been downloading a file from my pc and i had disconnected without realising, could this be their pc attempting to reconnect to continue the download? the fact that i have not logged on to kazaa or limewire would, i assume, prevent the download resuming, thus the repeated attempts.
does that sound feasible? i'm trying to avoid becoming a paranoid android.
nigel docherty
06-08-01, 12:08 PM
ok, i take it all the brainboxes are sleeping elsewhere in the world. i've put a shift in at work, came home, turned on the pc and am still getting the same alerts, although no replies.
there are quite literally hundreds of these.
i am beginning to think it is perhaps more to do with how i have zonealarm set up, as the destination location is the same on almost every alert shown since i had cable installed.
is this some form of network ping?
once again hoping for some explanation, thank you
Looks like whoever it is was looking for a trojan... that's probably why he tried as soon as your pc came on.
I recommend virus scanning, and also searching through your ini files to see if anything is suspicious.
You can do a free online scan at mcafee.com if you don't have any anti-virus software.
--
And I doubt it is LimeWire or Kazaa because those programs do not alert when a user or IP is online.
A trojan on the other hand would and does.
nigel docherty
06-08-01, 07:39 PM
norm, thank you for your info. i did not realise i was posting possibly sensitive info about myself.
ken, here is the info from zonealarm, hopefully without my personal info.
FWIN,2001/06/08,18:54:55 +1:00 GMT,160.129.26.212:3888,xxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:56:05 +1:00 GMT,160.129.26.212:3897,xxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:57:15 +1:00 GMT,160.129.26.212:3924,xxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:58:25 +1:00 GMT,160.129.26.212:3933,xxxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:59:35 +1:00 GMT,160.129.26.212:3940,xxxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,19:00:45 +1:00 GMT,160.129.26.212:3962,xxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,19:01:55 +1:00 GMT,160.129.26.212:3972,xxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,19:03:05 +1:00 GMT,160.129.26.212:3990,xxxxxxx:6346,TCP (flags:S)
FWIN
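As an added example, not code from the thread or from ZoneAlarm, here is a small parser for the FWIN inbound-block lines pasted above. It tallies blocked attempts per source address and destination port and measures the gap between successive SYNs from the busiest source, since a fixed cadence (70 seconds in the pasted lines) is what an automated client retrying looks like rather than a person at a keyboard. The sample lines are constructed after the post's format; the 192.0.2.77 entry and the short port-notes table are assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the log pasted in the thread; the destination address is
# masked with x's exactly as the poster did. The bare "FWIN" mimics the truncated last line.
# 192.0.2.77 (TEST-NET) is a made-up second source added to show per-source tallies.
SAMPLE_LOG = """\
FWIN,2001/06/08,18:54:55 +1:00 GMT,160.129.26.212:3888,xxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:56:05 +1:00 GMT,160.129.26.212:3897,xxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:57:15 +1:00 GMT,160.129.26.212:3924,xxxxxxxx:6346,TCP (flags:S)
FWIN,2001/06/08,18:58:00 +1:00 GMT,192.0.2.77:4001,xxxxxxxx:139,TCP (flags:S)
FWIN
"""

# Illustrative port notes (assumption: a short list of our own, not ZoneAlarm's).
PORT_NOTES = {6346: "Gnutella default port (LimeWire and similar clients)", 139: "NetBIOS session service"}

FLAGS_RE = re.compile(r"\(flags:([A-Z]+)\)")

def parse_fwin(line):
    """Parse one 'FWIN' inbound-block record; return None for truncated or foreign lines."""
    parts = line.strip().split(",")
    if len(parts) != 6 or parts[0] != "FWIN":
        return None
    _, date, time_tz, src, dst, proto = parts
    src_ip, src_port = src.rsplit(":", 1)     # "160.129.26.212:3888" -> ip, port
    _dst_ip, dst_port = dst.rsplit(":", 1)    # destination ip is masked in the post
    ts = datetime.strptime(f"{date} {time_tz.split(' ')[0]}", "%Y/%m/%d %H:%M:%S")
    m = FLAGS_RE.search(proto)
    return {"ts": ts, "src_ip": src_ip, "src_port": int(src_port),
            "dst_port": int(dst_port), "proto": proto.split(" ")[0],
            "flags": m.group(1) if m else ""}

def summarise(log_text):
    """Count blocked attempts per source and destination port and measure the retry cadence
    of the busiest source; identical gaps point to an automated client, not a person."""
    events = [e for e in map(parse_fwin, log_text.splitlines()) if e]
    by_src = Counter(e["src_ip"] for e in events)
    by_port = Counter(e["dst_port"] for e in events)
    top_src = by_src.most_common(1)[0][0] if by_src else None
    times = sorted(e["ts"] for e in events if e["src_ip"] == top_src)
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return {"parsed": len(events), "by_src": dict(by_src), "top_src": top_src,
            "by_port": {p: (n, PORT_NOTES.get(p, "unlisted")) for p, n in by_port.items()},
            "gaps_s": gaps, "steady_cadence": len(gaps) >= 2 and len(set(gaps)) == 1}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Run against a real ZoneAlarm log, one source hitting one port at a constant interval is the signature of a single client retrying a connection, which is worth knowing before reading every alert as an attack.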
nigel docherty
06-09-01, 04:14 AM
ken, i am not using gnutella directly, but i believe that limewire or kazaa are built using gnutella.
it really annoys me that the net sometimes gets so much bad publicity when there are forums like this around that offer so much help to people. keep it up.
ColdFusion
06-09-01, 04:30 AM
Ok...
This is pretty simple to figure out. The internet is a big place. All over the world the ip block of 24.*.*.* is known.
People called "lamers", NOT "hackers", run port probes looking for trojans. Or this "lamer" found an exploit for Kazaa that someone else made, and is using it. These programs become very popular. There are many trojans... I don't think that the hits were directed at you... you probably just have a popular ip address.
ColdFusion
06-09-01, 04:31 AM
Also,
I think "possible hack" does not suit this post. You are getting hits on your firewall. That has nothing to do with being "hacked".
when you get a cable connection you don't always get a fresh ip address, and it's possible the guy that had it before you pissed a lot of people off.
I had noticed that my ip had changed one day and all of a sudden ZA was going off lots.
nothing like a good ole second-hand ip from such a super jerk
or maybe just a person who had used their pc in a manner that they'd be pinged up their arse
go easy Randy
W_I_Z_K_I_D
06-13-01, 12:08 PM
:rotfl: LoL Randy...
Nigel, i have just recently switched to cable and have found i am receiving twice the amount of alerts on my security software as well (we have to remember we're in a whole new ballgame now and there is much more room to run around in).
The details you supplied look to me as if someone is scanning a range of ip addresses for a system infected with their trojan.
anyway... i'm sure you know how the whole trojan thing goes.
i did a lookup on the ip and this is what i got:
Starting lookup on 129.59.2.10 - Jun 14, 2001 02:32:27
Official Name: ip-srv2.vanderbilt.edu
IP address: 129.59.2.10
Starting lookup on 129.59.1.10 - Jun 14, 2001 02:33:33
Official Name: ip-srv1.vanderbilt.edu
IP address: 129.59.1.10
so both the attacks were coming from the same addy.
if i was you i wouldn't be too worried, just script kiddies looking for an infected pc~!
yeah, i agree it could just be your IP that someone else used, and because that person may have done something your IP gets a lot of hits. My IP recently changed w/ my cable modem service and my new IP has been getting a lot more hits than my old one ever did in a day's time.