#1
ZoneAlarm blocked an intrusion that got through my router's firewall. I'm a little confused because everything seems to be configured correctly on the router. Upon closer look, I saw that the intrusion was from the gateway address of my LAN. The only other thing that is connected to my home network is Xbox Live. Isn't that the only thing that would use my LAN gateway address? The reason I ask is I have another address for my WAN. Isn't the WAN address the one that accesses the internet? I use a wireless adapter on my Xbox. Do you think it was Xbox ZA was blocking?
I'm sorry I've asked so many questions in one post. Thanks for any help you can give.
#2
Actually, posting the full log entry (minus only your public IP address, if that's even in the logged entry given its nature), would help a great deal in explaining what's happening.
#3
I just checked the log and it isn't there anymore. I think the log reset when I turned off the computer last night.
Thanks LowWaterMark.
#4
Did you only check the Log Viewer panel in the ZA user interface, or did you actually go to the text log file, which is usually located here?
c:\Windows\Internet Logs\ZALog.txt
The Log Viewer does reset for many reasons, but generally the log files stay there longer than that unless you specifically set them to be deleted. You can open the logs in Notepad and search for the entry. Without a log entry, I'm not sure we can advise on this.
#5
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (127.0.0.1 Port 1149).,N/A,N/A
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (DNS).,N/A,N/A
This is what I found. I took out my gateway address. I hope this is enough. The log was full of stuff, but I just copied the one that was blocked. Thanks LowWaterMark
#6
I'm afraid there still isn't enough there to make any kind of analysis as to what happened. I was hoping from your description that it'd be an inbound blocked event like the sample below, where there would be a clear source and destination, along with port, protocol and flags.
FWIN,2004/06/07,17:51:34 -4:00 GMT,65.94.41.63:3498,MY.IP.AD.DR:9898,TCP (flags:S)
If you get another alert, see if there is more information available in the alert preview.
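Added example, not part of any post in this thread: a small Python parser for the two ZALog.txt entry types quoted above, showing why an FWIN line can be analysed (source, destination, protocol, flags) while an ACCESS line only carries a program message. The field layout is inferred solely from the three lines quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample: the three entries quoted in this thread, unchanged.
SAMPLE = """\
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (127.0.0.1 Port 1149).,N/A,N/A
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (DNS).,N/A,N/A
FWIN,2004/06/07,17:51:34 -4:00 GMT,65.94.41.63:3498,MY.IP.AD.DR:9898,TCP (flags:S)
"""

def parse_time(date, clock):
    """'2004/06/07' + '17:51:34 -4:00 GMT' -> timezone-aware datetime."""
    hms, offset, _ = clock.split()
    sign = -1 if offset.startswith("-") else 1
    hours, minutes = offset.lstrip("+-").split(":")
    tz = timezone(sign * timedelta(hours=int(hours), minutes=int(minutes)))
    return datetime.strptime(f"{date} {hms}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=tz)

def split_endpoint(text):
    """'65.94.41.63:3498' -> ('65.94.41.63', 3498); port is None if absent."""
    host, _, port = text.rpartition(":")
    return (host, int(port)) if host and port.isdigit() else (text, None)

def origin(host):
    """Classify a source address; a redacted host such as MY.IP.AD.DR is not an IP."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "redacted"
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip.is_private else "internet"

def parse_line(line):
    kind, date, clock, rest = line.strip().split(",", 3)
    entry = {"type": kind, "time": parse_time(date, clock)}
    if kind == "FWIN":  # inbound packet blocked by the firewall
        src, dst, proto = rest.split(",", 2)
        name, _, flags = proto.partition(" (flags:")
        entry.update(src=split_endpoint(src), dst=split_endpoint(dst),
                     protocol=name, flags=flags.rstrip(")"))
        entry["src_origin"] = origin(entry["src"][0])
    elif kind == "ACCESS":  # program control event: a message, no packet fields
        entry["message"] = rest.rsplit(",", 2)[0]
    else:  # entry types not shown in the thread are kept unparsed
        entry["raw"] = rest
    return entry

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
```

A source classified as "lan" on an FWIN entry would point at a device on the home network, such as the router's gateway address, rather than at traffic arriving from the WAN side.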
#7
Everything else on that log was just programs that I granted access.
Thanks anyway.