Firewall Alert Message - What is Origin?

Discussion in 'other firewalls' started by Dazed_and_Confused, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    A general firewall related question. I am using Zone Alarm Pro, and the Alert window says that my computer (port 3374) tried to send a TCP packet (Flag:S) to an external IP address (port 80). ZA blocked it. I've looked up the destination IP address, and it's apparently a major communications company. My question is - how can I tell what application on my computer is trying to send this packet of information? o_O ZA doesn't really say much about it. How frustrating!!
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you know if you already had a connection to this host (or a site that may use it for providing content) at the time of the alert?

    Regards,

    CrazyM
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Not that I am aware of. Until I looked up the IP address, I'd never heard of the host before, but it appears to be a large communications (networking) company.
     
  4. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    396
    Have you checked the Event Log?
     
  5. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Yes, but there is nothing more in there that is not displayed on the log window.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Without detailed outbound logs it is hard to say. Were you surfing at the time? If so, the fact there was no program alert would suggest it was a permitted program and the firewall just dropped this particular outbound packet while connecting to a site or other server for content for the page you were viewing. I don't think it is anything to worry about.

    Regards,

    CrazyM
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I don't believe I was surfing at the time, but think your right, CM. :) I just find it strange a firewall would tell you that your computer tried to connect to the internet, but there is no way to determine which application tried to do the connecting. :(
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Any other Internet application being used, e-mail or IM? Do you have any advanced rules for your applications in ZA Pro, such as restricting your e-mail to remote services SMTP and POP3 only?

    Regards,

    CrazyM
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,921
    In the newer ZAP the logs are broken down into several sections via that little drop down menu. There is Firewall, and I think Programs and a few others, not sure since I don't have it running now. But you might check each of these, especially the programs/apps section and look for anything that connected out at that time. Or perhaps you've already done this?
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Guess what! I figured it out, thanks once again to my friends at DCS. This time it was Port Explorer that came to my rescue. I had it running all night long, logging all communications. And sure enough, this morning at 09:30 it happened again. And PE tells me the offender is: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe, a.k.a. my most least favorite piece of security software. I'm going to have to go over to the ZA forum and find out what vsmon.exe is trying to do. I have it set to check for updates MANUALLY, and to NOT share settings with ZL.


    Another mystery solved. Thanks DCS, and all above who tried to assist. :D
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.