some one try to bend me over

Discussion in 'other firewalls' started by Mr.Blaze, Dec 12, 2002.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    yup i think that's what this was lol

    so i'm sitting there in sneaky super stealth mode, me and my tds-3, ZAP, port explorer, diamonds registry protection, anti spam settings in ie and boclean and ad watch with hta stop and neo trace on standby

    i'm downloading something and something is doing random scanning. i feel like a ninja or a navy seal avoiding the enemy but i'm armed with the latest high tech gear he he he

    but i think 5 hours was a bit much cause eventually i received this

    rating high typ program acess Uknowen Process-16057761 (Find Error) outgoing connection blocked 48 times

    did the baddies spot the elusive blaze in zap super stealth mode?

    do i have a nasty in my bunker? is there a spy in my ranks? has a secret program infiltrated my pc and has gone rogue? lol
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Well you may have company in the bunker if it was a blocked outgoing connection. :eek:

    But before we jump to conclusions, do you have any more detailed information - log entry?

    Regards,
    CrazyM
     
  3. Mr.Blaze

    more info? how do i get more? i tried searching for it, found nothing. did tds update scan, found nothing

    did a sweep, spy bot search and adware, found nothing. tried sweet talking my pc and gave it a rub dub dub and it said nothing

    tried talking to zap for more info lol it just sat there staring at me with a blank stare lol
     
  4. CrazyM

    Were the outbound alerts generated by ZAP?

    If you do not have a utility for log analysis, you might want to look at something like VisualZone.

    If it was the firewall blocking the outbound, it would be nice to know the application (if possible), source/destination IPs and ports. Just edit your IP when posting firewall log events (123.45.xx.xxx). For these blocked outbound alerts you will be looking for the FWOUT entries.

    Regards,
    CrazyM
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi MRBlaze,

    You weren't using this FlashCatcher program by any chance at the time this happened?
    ( http://www.wilderssecurity.com/showthread.php?t=5320;start=15 )

    Regards,

    Pieter
     
  6. CrazyM

    Hi Pieter

    The same thought crossed my mind. That is why the logs would be nice to see where the outbound was headed.

    Regards,
    CrazyM
     
  7. Pieter_Arntz

    I wasn't sure if you'd noticed that thread :)

    Regards,

    Pieter
     
  8. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    NeoTrace will try to get out as it has settings for location like North America/South America and will want to get set to trace once asked. My two cents.

    If not NeoTrace one of them there proggies was wanting out.
     
  9. Mr.Blaze

    nope it was outbound, no destination, just internet

    and the name of the program was just that: Uknowen Process-16057761 (Find Error), creation date something like not valid or something to that effect

    no, wasn't using flash catcher or anything, just idling

    only thing i could think of, and i know this is going to sound very stupid, but it could be an aol thing

    when aol reports an annoying error it goes something like this.

    aol or waol has caused an error, if you continue to have problems try restarting your computer. or on 8.0 you get: aol has caused an error, sorry for the convenience, aol will now close

    turns out, i'm not 100 percent sure, but a while ago aol used to boot their customers purposely with so called error messages. if you idle too long or if the servers were busy they kick you or give you a message: do you still want to be online

    it could have been aol purposely trying to boot me but the firewall stopped the outbound error message. that would explain why i was able to finish my download

    usually if that error message surfaces then you get kicked off of aol and aol closes itself.

    could be cause i was in zap super stealth mode i didn't get booted

    that's the only reason i can see why the outbound had no destination, but come to think of it i didn't see a source reading either hmmmmmmmmm very puzzling indeed
     
  10. Mr.Blaze

    i still don't know what it really was but it hasn't happened again
     
  11. CrazyM

    Well it could be an AOL glitch, but I have never used it, so could not offer much insight there.

    For your own peace of mind it would be nice to figure out what the outbound connection attempts were. If the alerts were from ZAP, are there any log entries of these events?

    Regards,
    CrazyM
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Hi Blaze,

    I'm wondering if you have event logging fully enabled in ZAP. As I'm sure you know, the screen image shown below is the "log viewer" panel in ZA. But, what you may not know is that the entries in that scrolling window are actually drawn from the ZA log file, not from the pop-up alerts...

    You should be able to review the details of all blocked connection attempts in the log viewer window, if you have event logging fully enabled. Also, you could open the ZAP logfile in Notepad and review all the entries there. Usually, the log file is in the following location:

    C:\Windows\Internet Logs\ZALog.txt

    To ensure that all events are being logged, you need to bring up the Zone Alarm user interface, select the "Alerts & Logs" panel and press the "Main" tab, then in the "Event Logging" section, select the "On" button to display the "Event logging is enabled" message.

    Note that the settings in ZAP for which events are "alerted" versus "logged to a file" are actually controlled separately. The second image below shows a setting where no events are being alerted, but "all events" are being logged. (You get to this screen via: "Alerts & Logs" panel > "Main" tab > "Advanced" button > "Alert Events" tab.) This is the way my system is set. I get no alert pop-ups, but, I can review at any time the logged events.

    You should ensure that your ZAP is set to log all events so that whenever something like what you described above happens again, you can open up the log file to get the event details. The destination address for a blocked outgoing connection attempt should always be logged within the event details.

    Hope this is of some help,
    LowWaterMark
     

  13. LowWaterMark

    (second image referenced above)
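
Added example, not part of the original posts: a short Python script that pulls the FWOUT entries CrazyM asks for out of a ZoneAlarm-style log, counts blocked outbound attempts per destination, and masks the local IP the way he suggests before posting. The comma-separated field layout (type, date, time, source, destination, transport) and the sample lines are assumptions constructed for illustration; the thread does not show an actual log entry.

```python
import re
from collections import Counter

# Constructed sample lines in an ASSUMED layout:
# type,date,time,source,destination,transport
SAMPLE_LOG = """\
FWIN,2002/12/12,21:04:10 -5:00 GMT,198.51.100.7:4312,123.45.67.89:445,TCP (flags:S)
FWOUT,2002/12/12,21:15:02 -5:00 GMT,123.45.67.89:1042,203.0.113.20:80,TCP (flags:S)
FWOUT,2002/12/12,21:15:05 -5:00 GMT,123.45.67.89:1043,203.0.113.20:80,TCP (flags:S)
FWOUT,2002/12/12,21:16:40 -5:00 GMT,123.45.67.89:1050,192.0.2.55:5190,TCP (flags:S)
PE,2002/12/12,21:17:00 -5:00 GMT,Some Program,192.0.2.55:5190,N/A
truncated line
"""

FIELDS = ("date", "time", "source", "destination", "transport")

def mask_ip(endpoint):
    """Hide the last two octets, e.g. 123.45.67.89:1042 -> 123.45.xx.xxx:1042."""
    return re.sub(r"^(\d{1,3}\.\d{1,3})\.\d{1,3}\.\d{1,3}", r"\1.xx.xxx", endpoint)

def parse_fwout(text):
    """Return one dict per blocked-outbound (FWOUT) line; skip everything else."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 6 or fields[0] != "FWOUT":
            continue  # inbound, program events, or malformed lines
        events.append(dict(zip(FIELDS, fields[1:6])))
    return events

def by_destination(events):
    """Blocked attempts per destination ip:port, most frequent first."""
    return Counter(e["destination"] for e in events).most_common()

def shareable(events):
    """Re-emit the entries with the local (source) address masked for posting."""
    return [",".join(("FWOUT", e["date"], e["time"], mask_ip(e["source"]),
                      e["destination"], e["transport"])) for e in events]

if __name__ == "__main__":
    # For a real log, read the file named in the post above instead of SAMPLE_LOG.
    found = parse_fwout(SAMPLE_LOG)
    for dest, count in by_destination(found):
        print(f"{count:3d} blocked outbound -> {dest}")
    print("\n".join(shareable(found)))
```

The destination is left unmasked on purpose, since where the outbound was headed is the detail the replies above are asking for.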
     

  14. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
  15. FanJ

    FanJ Guest

    Thanks for the link and info, john2g !!!
     
  16. Mr.Blaze

    well if i ever catch it again i'll rip my pc apart and post it here
     