Access attempts on port 0

Hello,
Just a quick question. I use ZA pro 4.5.594 with internet and trusted zones set at "high." I check activity using visualzone, but rarely does anything unusual show up. Usual pings/port scans on 445, 135, 139 ,etc. But the last few days I am getting a lot of access attempts and pings on port 0, which is something I've never seen before. They all are coming from bellsouth, level3 or somewhere in China. Maybe this is nothing to worry about? My question is this: does ZA block port 0 with my settings mentioned above? If not, how do I block this port?
Thanks

 

Hi BlueKey,

CrazyM is the resident firewall expert ... well one of them at least . I'm not that knowledgable about firewalls myself ... but I'd though I'd post this link for you ... as added info GRC - Steve Gibson's Shields Up Seeing as CrazyM's not around ATM.

HTH a bit.

dog -

 

Dog,
Thanks for the link. I followed up on this and am still not convinced that my box is safe from attacks on this port. Yes, grc shows it as "stealth," but I've learned in the past(as well as on another forum) that isn't always reliable. Maybe someone else knows something more about this?
Long live the classics.

 

Hi bluekey23

Can you post a couple these log entries, just xxx your public IP.
- protocol, source IP/port, destination IP/port

Regards,

CrazyM

 

BLUE

friend there is a massive Worm invasion on the internet an you can expect to see some not so usual things
If you are asking can port 0 be exploited.....yes

If you are seeking assurance that ZA is protecting port 0.....you can take the exploit test at pcflank (see: wilders free services page for link)

Your caution is admirable....definitely understandable....your question of is ZA protecting port 0.......it should be protecting ALL your ports....now for your own peace of mind you need to see that it is doing that.....I think most everyone would want to do the same.......so, do several port tests.

 

CM...sorry there buddy..we posted at the same time....will get out your way now and let you do a much better job than I possible could...seeya..

 

Crazy M,
Thanks for your offer to help. I've posted a portion of the ZA log from yesterday. I spent some time going over the past week's logs(severe eyestrain). It looks like the pings on port 0 occur in small bursts. I also went over my logs from the previous two weeks and couldn't find any pings on port 0. Looks like these pings started on 5-3. Perhaps I'm being paranoid?

General comment: I'm pretty new to this forum, but I'm very much impressed with the helpfulness and expertise of the people who post here. Your efforts(and those of many others) have taught me much and are greatly appreciated!

FWIN,2004/05/04,19:36:52 -7:00 GMT,4.178.90.84:2476,4.178.xxx.xxx:445,TCP (flags:S)
FWIN,2004/05/04,19:37:46 -7:00 GMT,4.178.63.98:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:37:52 -7:00 GMT,4.178.87.199:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:37:58 -7:00 GMT,68.93.245.86:4299,4.178.xxx.xxx:1434,UDP
FWIN,2004/05/04,19:39:04 -7:00 GMT,4.178.60.236:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:41:16 -7:00 GMT,4.138.60.188:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
ACCESS,2004/05/04,19:43:22 -7:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (209.244.0.3NS).,N/A,N/A
ACCESS,2004/05/04,19:43:22 -7:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (209.244.0.4NS).,N/A,N/A
FWIN,2004/05/04,19:43:38 -7:00 GMT,4.157.32.107:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:44:26 -7:00 GMT,4.178.72.229:3704,4.178.xxx.xxx:135,TCP (flags:S)
FWIN,2004/05/04,19:45:52 -7:00 GMT,4.160.171.47:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:46:12 -7:00 GMT,4.178.87.215:4682,4.178.xxx.xxx:135,TCP (flags:S)
FWIN,2004/05/04,19:46:48 -7:00 GMT,4.16.108.146:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:49:24 -7:00 GMT,4.178.150.5:3569,4.178.xxx.xxx:445,TCP (flags:S)
FWIN,2004/05/04,19:49:28 -7:00 GMT,4.178.60.236:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:50:04 -7:00 GMT,4.178.96.39:2822,4.178.xxx.xxx:445,TCP (flags:S)
FWIN,2004/05/04,19:50:40 -7:00 GMT,4.179.46.178:4055,4.178.xxx.xxx:445,TCP (flags:S)
FWIN,2004/05/04,19:52:36 -7:00 GMT,4.178.60.79:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:52:40 -7:00 GMT,4.15.109.177:3477,4.178.xxx.xxx:445,TCP (flags:S)
FWIN,2004/05/04,19:53:32 -7:00 GMT,4.178.138.89:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
ACCESS,2004/05/04,19:54:26 -7:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (209.244.0.3NS).,N/A,N/A
FWIN,2004/05/04,19:54:26 -7:00 GMT,4.178.33.4:2847,4.178.xxx.xxx:445,TCP (flags:S)
ACCESS,2004/05/04,19:54:26 -7:00 GMT,Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (209.244.0.4NS).,N/A,N/A
FWIN,2004/05/04,19:54:38 -7:00 GMT,4.46.65.158:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)
FWIN,2004/05/04,19:55:34 -7:00 GMT,4.178.132.110:0,4.178.xxx.xxx:0,ICMP (type:8/subtype:0)

 

LM,
Thanks for your help.
(thanks for the editing too; have no idea how the smilies got there, but will be more careful in the future)