Help - please read
All of a sudden my firewall (ZA) doesn't stop pings. That's quite a big security risk so I really need some help on troubleshooting this. My OS is W2K SP2 (integrated installation), IE & OE 6, all security patches and hotfixes installed and connection is permanent (cable).
The only difference between this setup and my previous is IE 6 instead of 5.5 and the fact that I integrated the service pack on the CD. I've also started to use this Direct Connect program, which obviously deals with file sharing and makes me think this is the cause, but I really don't have a clue. So, anyone? Do you think it is SP2, IE6, Direct Connect or some strange incompatibility between IE6 and ZoneAlarm? Hopefully somebody wants to help because my paranoia is growing fast.
My guess is Direct Connect and file sharing. Not to be smart, but how is it that you know it isn't stopping ping requests?
Is it possible for you to share part of your firewall log with your IP edited out?
Before this problem occurred I always got an alert from ZA when an ICMP Ping request was denied, but that's not the case now. Here's a bit of the firewall log:
PE,2001/11/29,20:27:28 +1:00 GMT,Logical Disk Manager service process,127.0.0.1:135,N/A
PE,2001/11/29,20:45:20 +1:00 GMT,Norton AntiVirus Agent,0.0.0.0:0,N/A
PE,2001/11/29,20:45:49 +1:00 GMT,Task Scheduler Engine,0.0.0.0:0,N/A
PE,2001/11/29,20:46:03 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.7:80,N/A
PE,2001/11/29,20:50:14 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.8:80,N/A
PE,2001/11/29,20:55:08 +1:00 GMT,Norton AntiVirus Agent,0.0.0.0:0,N/A
PE,2001/11/29,20:55:13 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.7:80,N/A
PE,2001/11/29,20:56:47 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.7:80,N/A
PE,2001/11/29,20:58:53 +1:00 GMT,wmplayer.exe,127.0.0.1:1033,N/A
PE,2001/11/29,21:10:18 +1:00 GMT,Norton AntiVirus Agent,0.0.0.0:0,N/A
PE,2001/11/29,21:23:23 +1:00 GMT,Norton AntiVirus Agent,0.0.0.0:0,N/A
PE,2001/12/01,15:05:31 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.8:80,N/A
PE,2001/12/01,15:26:04 +1:00 GMT,Refupdate.exe,66.146.2.32:80,N/A
PE,2001/12/01,15:57:53 +1:00 GMT,File Sharing over TCP/IP,127.0.0.1:1178,N/A
PE,2001/12/01,15:58:19 +1:00 GMT,File Sharing over TCP/IP,0.0.0.0:0,N/A
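Added example, not part of any post in this thread: a small Python parser for the log format shown in the excerpt above, which counts the record types, looks for any line mentioning ICMP, and lists the programs that talked to non-local addresses. The field names and the idea that a logged ping would contain the string "ICMP" are assumptions inferred from the excerpt, not ZoneAlarm documentation.

```python
import csv
import ipaddress
from collections import Counter

# Five lines copied from the log excerpt posted above.
SAMPLE_LOG = """\
PE,2001/11/29,20:27:28 +1:00 GMT,Logical Disk Manager service process,127.0.0.1:135,N/A
PE,2001/11/29,20:46:03 +1:00 GMT,LiveUpdate Engine COM Module,193.108.88.7:80,N/A
PE,2001/12/01,15:26:04 +1:00 GMT,Refupdate.exe,66.146.2.32:80,N/A
PE,2001/12/01,15:57:53 +1:00 GMT,File Sharing over TCP/IP,127.0.0.1:1178,N/A
PE,2001/12/01,15:58:19 +1:00 GMT,File Sharing over TCP/IP,0.0.0.0:0,N/A
"""

# Field names are assumptions inferred from the excerpt, not documented ones.
FIELDS = ("type", "date", "time", "program", "endpoint", "extra")


def parse_line(line):
    """Split one log line into named fields plus host and port."""
    values = next(csv.reader([line]))
    if len(values) != len(FIELDS):
        raise ValueError(f"unexpected field count in: {line!r}")
    rec = dict(zip(FIELDS, values))
    rec["host"], _, rec["port"] = rec["endpoint"].rpartition(":")
    rec["raw"] = line
    return rec


def summarize(text):
    """Return (count per record type, lines mentioning ICMP, remote peers)."""
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    types = Counter(r["type"] for r in records)
    # Assumption: a logged ping would mention the protocol name somewhere.
    icmp = [r["raw"] for r in records if "ICMP" in r["raw"].upper()]
    remote = set()
    for r in records:
        addr = ipaddress.ip_address(r["host"])
        if not (addr.is_loopback or addr.is_unspecified):
            remote.add((r["program"], r["host"]))
    return types, icmp, sorted(remote)


if __name__ == "__main__":
    types, icmp, remote = summarize(SAMPLE_LOG)
    print("record types:", dict(types))
    print("lines mentioning ICMP:", len(icmp))
    for program, host in remote:
        print("remote peer:", program, host)
```

On the posted excerpt every record has the type PE and no line mentions ICMP, so the excerpt by itself does not show whether pings were blocked or answered.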
Matt615
12-01-01, 11:04 PM
Go to www.network-tools.com and put in your IP and on the left of that click on the ping option. Tell us if it then says timed out or if it says reply from and your IP.
It says something about roundtrip time and is not timed out, ZoneAlarm says nothing. This is strange: one of the numbers in my IP address reported by this test is not the same as I get if I run ipconfig /all in cmd. How come? Can you have two IP addresses? I'm getting more and more confused about this.
Matt615
12-02-01, 08:54 PM
Technically you can have two IP addresses. When you say the IPs differ, how much are they off by? Are they one digit apart or is the whole thing different?
Are you running ZoneAlarm Pro or the free version?
Matt615
12-02-01, 09:16 PM
Originally posted by Ken
Also, Security>Advanced and looked to see if somehow allow pings was checked?
Sometimes the simple things can be the problem...
It never hurts to verify... ;)
That's what I was thinking. If he was using ZAP, maybe the allow pings was checked.
Storm90
12-03-01, 05:42 AM
Sounds like ZoneAlarm has a file or DLL missing! Uninstall it. Then reinstall it. This should get it back to blocking pings. Plus run a spyware program on your computer to make sure there is none in your reg. There are a few out there that will cause the problem you are having. Good luck ;)
Welcome back Storm
:cool:
Ok, my IP number differs like this: xxx.xxx.2.xxx (reported by ipconfig), xxx.xxx.3.xxx (reported by the test site). It differs on one digit, 2 becomes 3. Is that normal?
I've uninstalled/reinstalled ZA a couple of times, removed and put back TCP/IP. Previously ran ZA but now the Pro version. No pings allowed whatsoever. It doesn't matter if I block internet with the locking option, it still sends echoes. Tonight I tried Tiny Firewall but with the same result. I think this Direct Connect program f***** up my whole connection setup (excuse my language). Seems like format is coming closer...
I've run AdAware many times a day and sometimes it finds some doubleclick.txt spyware but that's it. Any of you know a way to troubleshoot networking connections from Windows, like a tool from MS or any other program that analyzes your setup or so?
Matt615
12-03-01, 06:23 PM
It's usually not normal to have your IP differ in one number like that.
When you say removing TCP/IP, do you mean like uninstalling it and then adding it again? If not, you should try that.
I can give you some sites to go to for info on troubleshooting TCP/IP.
Hope they help.
http://cne.gsfc.nasa.gov/tcpipsvcs/ip-tri.html
http://www.cisco.com/warp/public/112/chapter7.htm
http://socrat.psu.ru/Internetworking/Networking_CD_Bookshelf/tcpip/ch11_01.htm
http://sunsite.net.edu.cn/tutorials/NetworkingGuide/tcpT.troubleshooting.html
I wish I could be of more direct help but I don't have the knowledge on TCP/IP.
As far as the use of AdAware and it finding doubleclick spyware, you will find that if you install a program like CookieWall from AnalogX (www.analogx.com) those problems will go.
Croc.
Storm90
12-04-01, 10:05 PM
Freda, welcome. Dizzy, in your Explorer, if you are using IE 6, click on the Privacy tab and go down to Edit. Then add the websites, like double click and so forth, that are spyware. This will help with some of your problems. ICMP pings can be blocked in Tiny. I really don't know about ZoneAlarm Pro. But as far as your IP, if you are on cable it should be set up to obtain IP automatically. Plus your DNS should be disabled and use DHCP for WINS resolution. If your IP keeps changing, you may have a virus or trojan. I would run a good scan on the computer. If this is not the problem, contact your provider. Sounds like your modem is not provisioned right. Sounds like it is picking up random IPs, which is not normal. You should not have to add your IP manually unless you are adding to a router for first-time setup. I hope some of this helps you out. Plus try some of the web sites Croc listed. Good luck ;)