ZoneAlarm Pro 70_337_000

Discussion in 'other firewalls' started by ankupan, Apr 10, 2007.

Thread Status:
Not open for further replies.
  1. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164

    I think because you and Fax disagree in another thread you have taken this personally and now have taken what I call a "cheap shot". Come on now, we are all better than this.
     
  2. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Seriously, I for one appreciate the frank discussion here on this forum. I prefer it to the ZA forums where I find that disagreements w/ ZA forum officials are stifled.
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    And I think saying Cheap shots phrase is cheap is a cheap shot. :D

    When things get tough posters should provide reasonable and consistent answers to the questions put and accept that they may be shown to be wrong. If that is not the style of that poster then they are trying to answer a question best left to others. IMHO.

    If posters use "You" it gets personal if read too closely, but that should be no surprise. Here we have to remember that it's not posters who moderate; we just post Q and A's and carry on!

    Oldshep has it right again.

    But what is the answer to the posted question?

    If the Fax doesn't know, that's acceptable maybe you know?

    If not provided, answers will come out anyway, in time. Is there a reference to the source of the answers? Please provide it. That would be a contribution to knowledge and clarity.

    If not others will guess and speculate and draw unpleasant conclusions and it would have been better not to guess in the 1st place.

    Solid, complete, logical facts are the only thing we need. Can anybody help with the answers and just forget the static?
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Detailed information about IP registrants and ISPs is publicly available on the net...

    You go here: http://centralops.net/co/DomainDossier.aspx
    Input your IP, check all boxes and you will get full info.

    This address is registered to ZA since 1998...
    This is not speculation, just recorded information:

    ------------------------------------------
    Address lookup
    canonical name cm2.zonelabs.com.
    aliases
    addresses 208.185.174.65


    Domain Whois record
    Queried whois.internic.net with "dom zonelabs.com"...

    Whois Server Version 1.3

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Domain Name: ZONELABS.COM
    Registrar: GO DADDY SOFTWARE, INC.
    Whois Server: whois.godaddy.com
    Referral URL: http://registrar.godaddy.com
    Name Server: DNS1.ZONELABS.COM
    Name Server: DNS2.ZONELABS.COM
    Status: clientRenewProhibited
    Status: clientTransferProhibited
    Status: clientUpdateProhibited
    Status: clientDeleteProhibited
    Updated Date: 22-dec-2006
    Creation Date: 10-nov-1998
    Expiration Date: 09-nov-2013


    >>> Last update of whois database: Wed, 9 May 2007 22:09:03 UTC <<<

    The Registry database contains ONLY .COM, .NET, .EDU domains and
    Registrars.

    Queried whois.godaddy.com with "zonelabs.com"...

    Please note: the registrant of the domain name is specified
    in the "registrant" field. In most cases, GoDaddy.com, Inc.
    is not the registrant of domain names listed in this database.


    Registrant:
    Zone Labs, L.L.C.

    Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
    Domain Name: ZONELABS.COM

    Domain servers in listed order:
    DNS1.ZONELABS.COM
    DNS2.ZONELABS.COM


    For complete domain details go to:
    http://who.godaddy.com/whoischeck.aspx?Domain=ZONELABS.COM

    Network Whois record
    Queried whois.arin.net with "!NET-208-185-174-0-1"...

    CustName: Zone Labs, Inc.
    Address: 1060 Howard Street
    City: San Francisco
    StateProv: CA
    PostalCode: 94103
    Country: US
    RegDate: 2003-01-16
    Updated: 2003-01-16

    NetRange: 208.185.174.0 - 208.185.174.255
    CIDR: 208.185.174.0/24
    NetName: MFN-B709-208-185-174-0-24
    NetHandle: NET-208-185-174-0-1
    Parent: NET-208-184-0-0-1
    NetType: Reassigned
    Comment: abuse@zonelabs.com
    RegDate: 2003-01-16
    Updated: 2003-01-16

    RTechHandle: NOC41-ORG-ARIN
    RTechName: AboveNet NOC
    RTechPhone: +1-877-479-7378
    RTechEmail: noc@above.net

    OrgAbuseHandle: ABOVE-ARIN
    OrgAbuseName: AboveNet Abuse
    OrgAbusePhone: +1-888-636-2778
    OrgAbuseEmail: abuse@above.net

    OrgNOCHandle: NOC41-ORG-ARIN
    OrgNOCName: AboveNet NOC
    OrgNOCPhone: +1-877-479-7378
    OrgNOCEmail: noc@above.net

    OrgTechHandle: ABOVE1-ARIN
    OrgTechName: AboveNet Engineering
    OrgTechPhone: +1-888-636-2778
    OrgTechEmail: arin@above.net

    # ARIN WHOIS database, last updated 2007-05-09 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    DNS records
    name class type data time to live
    cm2.zonelabs.com IN A 208.185.174.65 86400s (1.00:00:00)
    zonelabs.com IN A 209.87.209.44 86400s (1.00:00:00)
    zonelabs.com IN MX preference: 10, exchange: usmail-as.zonelabs.com 86400s (1.00:00:00)
    zonelabs.com IN MX preference: 20, exchange: cale-as.checkpoint.com 86400s (1.00:00:00)
    zonelabs.com IN TXT v=spf1 a:hqjump.zonelabs.com a:mfnbm1.zonelabs.com ip4:66.35.244.0/24 ip4:66.35.193.0/24 ip4:64.152.127.0/24 mx -all 86400s (1.00:00:00)
    zonelabs.com IN NS dns1.zonelabs.com 86400s (1.00:00:00)
    zonelabs.com IN NS dns2.zonelabs.com 86400s (1.00:00:00)
    zonelabs.com IN SOA server: dns1.zonelabs.com, email: hostmaster.zonelabs.com, serial: 2006071052, refresh: 21600, retry: 3600, expire: 604800, minimum ttl: 86400 86400s (1.00:00:00)
    65.174.185.208.in-addr.arpa IN PTR cm2.zonelabs.com 36705s (10:11:45)
     
  5. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston

    This would be a typical answer one would get from Z.A's forum. :rolleyes:
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    And this would be a typical answer when you post at wilders :D
    Nothing better to say on this o_O

    Fax
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    henryg has made a good observation, but we are here not there, so here we go again...

    Text from internet is data, it doesn't become information until validated by more than one source or confirmed by repeated experiment.

    My question was for gre87y; most posters answer questions themselves. That is a puzzle in itself.

    Berge01 you seem to know about these outbound details can you expand on these concerns? The DNS names don't seem to line up here?

    I used ZA site lookup in block to translate 208.185.174.65 it was the same as Berge01's firm name? Abovenet. I will look them up name wise in the financial databases to see what can be learned there, more later.
    _________________________________________________________________
    Originally Posted by Berge01
    I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
    208.184.0.0 - 208.185.255.255
    _________________________________________________________________

    Here are my testing results and questions, repeated to stay OP.

    Hello all posters:

    Just added hs2.zonelabs.com to the blocked sites list in the ZA FW.

    It translated to 208.185.174.66 which is the range of ip's under review.

    More testing data to follow.

    I just did a manual update and ZA Client was blocked from trying to reach 17.112.152.32 which translates to www.apple.com.akadns.net. But the update ran okay.

    Question: Why was an attempt made to apple?

    I then ran an ASW update, and it ran without any pop ups.

    I kind of like pop ups now since they teach us things we can't get any other way!

    Now I'm adding 208.185.174.65 to the list, wait for it...

    It is Abovenet Communications, Inc, just as Berge01 said, good confirmation of facts. Very refreshing.

    I again did an update of product, got the apple connect attempt blocked again but update was done.

    The ASW ran okay, no blocks or messages! Just think, if we lowered the logging factors or eased the FW security this information would be lost or not popped up!

    Does anybody want to test that?

    Sorry, my BD 10 just did its automatic update, no messages, I can only assume they didn't try the apple connect or the Abovenet site.

    Enjoy !

    I'll return later after adding more sites to block!
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Hi!
    Validated? o_O Do you know what is internic.net? And arin.net?
    More validated than this I don't know what to post here. :doubt:

    What is ICANN?
    The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing and coordinating the Domain Name System (DNS) to ensure that every address is unique and that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique IP addresses and domain names. It also ensures that each domain name maps to the correct IP address.

    ICANN is also responsible for accrediting the domain name registrars. "Accredit" means to identify and set minimum standards for the performance of registration functions, to recognize persons or entities meeting those standards, and to enter into an accreditation agreement that sets forth the rules and procedures applicable to the provision of Registrar Services.

    ICANN's role is very limited, and it is not responsible for many issues associated with the Internet, such as financial transactions, Internet content control, spam (unsolicited commercial email), Internet gambling, or data protection and privacy.

    What is InterNIC?
    The InterNIC website is operated by ICANN to provide the public information regarding Internet domain name registration services.

    Fax
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Gre87y:

    Here is another question with a link to help you.

    https://www.icsalabs.com/icsa/criteria.php?crit=44

    Checkpoint is listed as member of the developer consortium.

    What were the results of ZA Pro being tested against these criteria?

    It's okay if you don't know. But since the OP is a request for feedback on ZA Pro you are the best person to explain this DATA (not=information)
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Teaching what validation means is OT.

    Text from internet is data, it doesn't become information until validated by more than one reliable and consistent source and confirmed by repeated experiments and more than 1 researcher.

    Validated means proven to be true by more than one source and then confirmed.

    But I won't divert; the IP ID question is still unclear. I will wait for Berge01's answer.
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I am confused... o_O
    Is that referring to the information present in ICANN databases?
    What do you actually need to verify?
    If the information is correct?

    Fax
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    yes, I know.

    .....wait for Berge01's answer
     
  13. Berge01

    Berge01 Guest

    The question still remains, why is Zone Labs contacting Abovenet Communications?

    You can block the following and still be protected by Zone Alarm, which will NOT have any type of effect on the software.

    Search results for: 208.185.174.65

    Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
    208.184.0.0 - 208.185.255.255
    Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
    208.185.174.0 - 208.185.174.255
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Uuuhm, running in circles...
    Your ZA software is contacting an IP that is registered and owned by Zonelabs. AboveNet is the technical handler.
    i.e. your ZA software is contacting a ZA server.

    Looks like my posts are sort of transparent, not in terms of clarity but in terms of invisibility :(

    If you simply input the IP in the ARIN database you will get only basic information. For full details of the IP just add a "+" in front of the IP.

    http://www.arin.net/whois/
    You should write "+208.185.174.65" (without "...")

    -----------------------------------------
    CustName: Zone Labs, Inc.
    Address: 1060 Howard Street
    City: San Francisco
    StateProv: CA
    PostalCode: 94103
    Country: US
    RegDate: 2003-01-16
    Updated: 2003-01-16

    NetRange: 208.185.174.0 - 208.185.174.255
    CIDR: 208.185.174.0/24
    NetName: MFN-B709-208-185-174-0-24
    NetHandle: NET-208-185-174-0-1
    Parent: NET-208-184-0-0-1
    NetType: Reassigned
    Comment: abuse@zonelabs.com
    RegDate: 2003-01-16
    Updated: 2003-01-16

    RTechHandle: NOC41-ORG-ARIN
    RTechName: AboveNet NOC
    RTechPhone: +1-877-479-7378
    RTechEmail: noc@above.net

    Fax
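
Added example, not part of any post in this thread: a Python sketch of how to read the two ARIN results quoted above so that the reassigned customer block (Zone Labs) is not confused with the parent allocation or the technical contact (AboveNet). The input text is copied from the lookups quoted in the thread; the function names are illustrative.

```python
import ipaddress
import re

# Summary listing as quoted in the thread (ARIN search for 208.185.174.65).
SUMMARY = """\
Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
208.185.174.0 - 208.185.174.255
"""

# Subset of the detailed record quoted in the thread.
DETAIL = """\
CustName: Zone Labs, Inc.
NetRange: 208.185.174.0 - 208.185.174.255
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned
RTechName: AboveNet NOC
"""

HEADER = re.compile(r"^(?P<org>.+?)\s+(?P<name>\S+)\s+\((?P<handle>NET-[\d-]+)\)$")
RANGE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)$")

def parse_summary(text):
    """Turn 'Org NETNAME (HANDLE)' / 'first - last' line pairs into blocks."""
    blocks, current = [], None
    for line in text.splitlines():
        line = line.strip()
        h, r = HEADER.match(line), RANGE.match(line)
        if h:
            current = h.groupdict()
        elif r and current:
            first, last = (ipaddress.ip_address(x) for x in r.groups())
            nets = list(ipaddress.summarize_address_range(first, last))
            blocks.append({**current, "first": first, "last": last, "nets": nets})
            current = None
    return blocks

def covering_blocks(ip, blocks):
    """Blocks containing ip, most specific (smallest range) first."""
    ip = ipaddress.ip_address(ip)
    hits = [b for b in blocks if b["first"] <= ip <= b["last"]]
    return sorted(hits, key=lambda b: int(b["last"]) - int(b["first"]))

def parse_detail(text):
    """Parse 'Key: value' lines; the first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), value.strip())
    return fields

def attribute(ip, summary=SUMMARY, detail=DETAIL):
    """Report who the address is assigned to and who merely carries it."""
    chain = covering_blocks(ip, parse_summary(summary))
    if not chain:
        return None
    rec = parse_detail(detail)
    assignee, upstream = chain[0], chain[1:]
    # The detailed record should describe the smallest block and name
    # the next larger block as its parent.
    same_block = rec.get("NetHandle") == assignee["handle"]
    parent_ok = not upstream or rec.get("Parent") == upstream[0]["handle"]
    return {
        "assignee": assignee["org"],
        "assignee_cidr": str(assignee["nets"][0]),
        "upstream": [b["org"] for b in upstream],
        "net_type": rec.get("NetType") if same_block else None,
        "tech_contact": rec.get("RTechName") if same_block else None,
        "records_consistent": same_block and parent_ok,
    }
```

The most specific covering block names the organisation the address is assigned to; larger covering blocks and the RTech contact identify the carrier, which is why the same lookup shows both names.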
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Not at all. I would have responded the same to any member who makes a reply to a question with a "Probably / so what" type answer.
    If the answer is known, then the answer can be given, I see no point in a reply as "Probably / so what".
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I am sorry if "probably" and "so what" have somehow annoyed you.
    I thought information from ICANN was comprehensible to anyone here in the forum. I have however tried to explain them as much as possible, up to the limit of my imperfect knowledge about the subject.

    Cheers,
    Fax
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You are simply posting info on where the connection is being made to. The question is
    Is the connection being made due to an update option enabled? If so, which one?
    If all update options are disabled, then ZA simply should not be making these connections.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I know that you like to divert the subject on ZA calling home.
    But the original question was "
    And I wanted to clarify that ZA is not connecting to Abovenet Communications but is connecting to a ZAlabs IP that is technically handled by Abovenet.

    Why would ZA software be contacting a ZA server, I have no idea and actually I don't care... as explained before. Either you trust the application you use or better you choose another one (I think we already discussed about it). I prefer to concentrate my efforts into securing my systems from external threats than securing my system from ZoneLabs connections ;)

    But that's my approach and what I posted was not related to ZA contacting ZA home but ZA contacting Abovenet. :rolleyes:

    Fax
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Berge01,

    Right, I have now blocked

    208.185.174.65 which ZA Site feature translates to cm2.zonelabs.com
    208.185.174.66 which ZA Site feature translates to hs2.zonelabs.com

    hs2 was the start on these outbounds. As Stem knows, my concern on optimizing ZA Pro has always been to prevent any and all unapproved outbound packets that have no business leaving my PC. But I digress, that is another thread.

    Fact 1: With both these blocked, zaclient.exe tries repeatedly 5-6 times in a row to connect to www.apple.com.akadns.net.

    Question 1: Why is fact 1 really happening in ZA or trying to happen? If you don't know why, please either say so (refreshing thought) or don't say zip!

    Fact 2: With both these blocked, zaclient.exe tries repeatedly 5-6 times in a row to connect to cm2.zonelabs.com.

    Question 2 : Why is fact 2 really happening in ZA or trying to happen?

    BTW I can still update both the product and the ASW add on.

    So the facts say to me ZA Pro is trying to connect and apparently not to update anything I know about.

    What exactly is the total list of detailed reasons why these connect bypass attempts are being made?
     
  20. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I really don't know what 5 pages of arguments & paranoia are about but I am fed up with nonsense reports saying someone is being rude to someone else

    Either wear a tin foil beanie or stop using ZA if you don't like it phoning home

    Nobody forces anyone to use it and NO_ONE here can answer with any authority why it phones home all the time

    ZA has a support forum which gives some help but obviously won't answer this one

    Just because one member says he doesn't know and doesn't care why it phones home isn't being rude or offensive to anyone

    The I don't care by Fax is an Honest and appropriate response and is exactly what I say

    IF you don't like it don't use it

    There are numerous alternatives out there
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Brilliant!!
    Some fresh air finally...
    I thought I was an alien. o_O

    Thank you!!
    Fax
     
  22. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    And As to the abovenet/zonelabs confusion

    Very few companies can afford to have their own direct connection to the internet & use a hosting company or network to supply bandwidth & connection

    Zonelabs have chosen to use abovenet as their network in the same way as Nod/eset use Rackspace as their provider/network

    Nothing to get worked up about because a company uses a network provider (ISP)
     
  23. Maysky

    Maysky Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    11
    I do not dislike ZoneAlarm, in fact, I enjoy using the software and want to continue using it.

    I just don't like the way it's "phoning home", and want to find out more about it.

    Am I wrong to try?


    --
     
  24. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    nobody is saying you are wrong to try to find out but you won't get a definitive answer here

    The only people who can tell you why it is phoning home is ZA itself & they won't from what I am reading

    All we can do here is go round in circles and create conspiracy theories

    I stopped using ZA years ago when it stopped being a firewall & went into being a HIPs & AV & Antispam & everything else

    As soon as you have multiple functions it needs to make more connections itself & the most likely reason I can see is to either update or to check websites for antiphishing or spam or exploits against lists held on their servers rather than using downloaded lists

    There will be a legitimate & honest reasonable answer for why it does it BUT as I keep saying WE DO NOT KNOW and are guessing and the more we guess or suppose the more the conspiracy theories come out
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Maysky: Keep trying.

    I am holding with ZA until and if something better can be shown to work better. None will be perfect!

    Dvk01 has dropped ZA for another FW. There are many many to choose from, probably too many. Which FW is strongest on application level outbound packet screening? If not ZA Pro which then?

    We have not learned much about these outbound packets by posting. That's for sure but that is no reason to stop work on the matter.

    A user could assume all is fine and there are good reasons for this phone home process or the user could assume we don't know why and needs to satisfy themselves that all is okay. Dvk01 is right that ZA won't likely tell us either. Not telling actually adds to paranoia. Has anybody with good contacts to the technical higher-ups there actually asked them? Just a crazy idea I guess. I am not that person, I mean higher, way higher up!

    So if you really want to satisfy yourself then conduct tests of your own like I am or go outside Wilder's and ZA to try to find out more. It's just work. Problem is the outside sources have to be professional as well!

    What about a ShieldsUp or other tests! Would that shed light? :doubt:
     