Help with possible port scan -Zone Alarm alerts.

Discussion in 'other firewalls' started by Cap, Oct 10, 2006.

Thread Status:
Not open for further replies.
  1. Cap

    Cap Registered Member

    Joined:
    Jul 8, 2004
    Posts:
    9
    Lately I have been receiving numerous alerts form Zone alarm. All are incoming UDP packets from my DNS servers addresses. They are incoming from all three of my listed Dns servers on ports 1025 and up. They never stop and are affecting my internet use. They start from the time I boot my computer until I shut it down. I have changed IP`s, network Id`s, Mac addresses nothing stops it. I had read it maybe slow dns responses, yet it is consistent, even without connecting to the internet. While playing online ie BF2, I get connection issues every two to three minutes, when I alt-tab to check ZA all my alerts are the same DNS ones.o_O??
    I would greatly appreciate any help. or suggestions.
    Update: I have been able to play if, once bf2 is running, I ALT-TAB into my router and filter UDP, and TCP on port 53.
     
    Last edited: Oct 11, 2006
  2. Cap

    Cap Registered Member

    Joined:
    Jul 8, 2004
    Posts:
    9
  3. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Very interesting to see that your DNS servers send UDP packets instead of TCP packets. Anyway, Try placing your DNS servers into the trusted zone and see if that helps.
     
  4. Cap

    Cap Registered Member

    Joined:
    Jul 8, 2004
    Posts:
    9
    I have been a little wary of doing that. Does this seem like normal DNS behaviour? If it does I certaintly will try it.
    DNS servers don`t normally initiate contact do they?
    I thought maybe ZA was acting up, I uninstalled and Installed Kerio Outpost trial. It immediately upon reboot reported port scan attack from 4.2.2.1, 4.2.2.2, 4.2.2.3. In the picture above you can see where I switched from those DNS servers to my ISP`s DNS servers.
    If I eneable the internet security on Kaspersky it also reports port scan attack.
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Are you conected to Verizon Fios (fiber-to-the-home service)? If so that's their public server and nothing to worry.
     
  6. Cap

    Cap Registered Member

    Joined:
    Jul 8, 2004
    Posts:
    9
    No I use Telus ADSL. I had listed their DNS servers in my router, as MY ISPs ones were acting up one day. Never cghanged back. This just started like a week ago. I have since reformatted installed only drivers, AV, and firewall, abnd this takes place the minute I plug into my router. The wierd thing is this occurs with or without the router.
     
Loading...
Thread Status:
Not open for further replies.