HTTP server alert?

Hi,
I'm using ZAPRO 4.5 and I'm getting all the time the same alert: It's a alert caused by a HTTP Server, Zonelabs said that it can be produced by a bad shutdown with the server and my computer, however I shutdown my pc correctly and I'm getting this alert in many ocassions.
There are alert: (The directon many times are Inbound and Routed )
FWIN,2003/12/24,22:30:38 -3:00 GMT,127.0.0.1:80,200.74.4.20:1452,TCP (flags:AR)
FWROUTE,2003/12/24,22:30:58 -3:00 GMT,127.0.0.1:80,200.74.4.126:1324,TCP (flags:AR)
All the time, the IP address is the same: 127.0.0.1
What those alerts means?
Thanks.

 

Hi
>What did they say exactly about an "HTTP Server"?
Zonelabs said that is very probably that this alert was caused for a incorrect shut down between my computer and a web server.
>Do you run a local webserver?
No, I'm not running any proxi or local webserver and nothing something like that.
>Did ZL mean that some external HTTP Server (webserver) is causing this problem for you?
Yes, it's a external http server.

Note: If I put the ip 127.0.0.1 in the blocked zone, Internet Explorer can't access internet, however Opera work perfect.
Any idea on what's happening?

 

Yep, don't do that; it will screw up MSIE which relies on a loopback (for UDP) from 127.0.0.1.

Really need LowWaterMark back on this one, because my experience is with NIS/NPF, KPF, and SPF. The rule (if you need to specify one at all) is very different in ZAP and NIS/NPF and then you've got to put it in the right place (and I'm not at all sure how that is accomplished in ZAP, since I think it remains an application-based firewall rather than a rules-based firewll in which rules sequence is everything).


Since I installed a hardware router on or about 12 Dec, I've had well over 400 of these things go 'splat' against the router itself. I'm pretty sure I saw them earlier, but as I was running this box also as an ICS gateway (and you see weird things all the time in NIS/NPF on an ICS gateway box), I didn't understand their significance (but they were apparently being caught and blocked).

 

Here's the kind of stuff I'm seeing:

Code:

12-25-2003   18:07:15   **IP Spoofing** 127.0.0.1, 80->> 66.44.xx.yy, 1175 (from Modem Inbound)
12-25-2003   16:50:01   **IP Spoofing** 127.0.0.1, 80->> 66.44.xx.yy, 1960 (from Modem Inbound)
12-25-2003   16:47:39   **IP Spoofing** 127.0.0.1, 80->> 66.44.xx.yy, 1008 (from Modem Inbound)
12-25-2003   16:12:14   **IP Spoofing** 127.0.0.1, 80->> 66.44.xx.yy, 1421 (from Modem Inbound)
12-25-2003   16:08:48   **IP Spoofing** 127.0.0.1, 80->> 66.44.xx.yy, 1301 (from Modem Inbound)

Does this look familiar? (Again, these are router logs; not PSF logs. I have an external router and an external modem -- as noted in the logs events).

 

Hi,
Here more information about this extrange alert:
The data packet that ZoneAlarm Pro blocked was sent from port 80 on a web server whose IP address is 127.0.0.1. This alert usually means that a previous connection between your computer and the web server was not completely or correctly shut down.
Days ago, I test other firewall, Kerio and this alert me: Dangerous Loopback traffic blocked, and indicate the same IP of all the time.
Now ZAPRO still alert me about this ip and the traffic direction: inbound and routed.
Any help is apreciatted.
Thanks.
   
      
         
   
   
Should I be concerned?      
   
   
   
      
   

This event is nothing to be concerned about. ZoneAlarm Pro has protected you against the unlikely possibility of someone trying to take advantage of an existing, unused connection to your computer.
   
      
         
   
   
What should I do?      
   
   
   
      
   

You do not need to take any action. The web server will eventually drop the connection