ZoneAlarm Blocked An Intrusion Through My Router

Discussion in 'other firewalls' started by killian_sh, Jun 8, 2004.

Thread Status:
Not open for further replies.
  1. killian_sh

    killian_sh Registered Member

    Joined:
    May 5, 2004
    Posts:
    26
    Location:
    Virginia
    ZoneAlarm blocked an intrusion that got through my router's firewall. I'm a little confused because everything seems to be configured correctly on the router. Upon closer look, I saw that the intrusion was from the gateway address of my LAN. The only other thing that is connected to my home network is Xbox Live. Isn't that the only thing that would use my LAN gateway address? The reason I ask is I have another address for my WAN. Isn't the WAN address the one that accesses the internet? I use a wireless adapter on my Xbox. Do you think it was Xbox that ZA was blocking?

    I'm sorry I've asked so many questions in one post.
    Thanks for any help you can give.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Actually, posting the full log entry (minus only your public IP address, if that's even in the logged entry given its nature), would help a great deal in explaining what's happening.
     
  3. killian_sh

    killian_sh Registered Member

    Joined:
    May 5, 2004
    Posts:
    26
    Location:
    Virginia
    I just checked the log and it isn't there anymore. I think the log reset when I turned off the computer last night.
    Thanks LowWaterMark.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Did you only check the Log Viewer panel in the ZA user interface, or did you actually go to the text log file which is usually located here?:

    c:\Windows\Internet Logs\ZALog.txt

    The Log Viewer does reset for many reasons, but generally the log files stay there longer than that unless you specifically set them to be deleted. You can open the logs in Notepad and search for the entry.

    Without a log entry, I'm not sure we can advise on this. :doubt:
     
  5. killian_sh

    killian_sh Registered Member

    Joined:
    May 5, 2004
    Posts:
    26
    Location:
    Virginia
    ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (127.0.0.1 Port 1149).,N/A,N/A
    ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (DNS).,N/A,N/A

    This is what I found. I took out my gateway address. I hope this is enough. The log was full of stuff, but I just copied the one that was blocked.

    Thanks LowWaterMark
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    I'm afraid there still isn't enough there to make any kind of analysis as to what happened. I was hoping from your description that it'd be an inbound blocked event like the sample below, where there would be a clear source and destination, along with port, protocol and flags.

    FWIN,2004/06/07,17:51:34 -4:00 GMT,65.94.41.63:3498,MY.IP.AD.DR:9898,TCP (flags:S)

    If you get another alert, see if there is more information available in the alert preview.
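
The distinction drawn in the post above, as an added example that is not part of the original thread: a small parser that separates `ACCESS` entries (a program on the PC was blocked) from `FWIN` entries (blocked inbound traffic with source, destination, protocol and flags). The field layout is an assumption inferred only from the three log lines quoted in this thread, and the function names are hypothetical.

```python
import re

# The three log lines quoted in the posts above; the layout is inferred from them.
SAMPLE_LOG = """\
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (127.0.0.1 Port 1149).,N/A,N/A
ACCESS,2004/06/06,20:53:02 -5:00 GMT,dw15 was temporarily blocked from connecting to the Internet (DNS).,N/A,N/A
FWIN,2004/06/07,17:51:34 -4:00 GMT,65.94.41.63:3498,MY.IP.AD.DR:9898,TCP (flags:S)
"""

ENDPOINT = re.compile(r"^(?P<host>.+):(?P<port>\d+)$")
TRANSPORT = re.compile(r"^(?P<proto>\w+)(?: \(flags:(?P<flags>\w+)\))?$")


def parse_line(line):
    """Return a dict for one log line, or None if it has fewer than four fields."""
    parts = line.strip().split(",", 3)
    if len(parts) < 4:
        return None
    kind, date, time, rest = parts
    # "raw" is always kept so an entry in an unexpected layout is never lost.
    entry = {"type": kind, "date": date, "time": time, "raw": rest}
    if kind == "FWIN":
        fields = rest.split(",")
        if len(fields) == 3:
            src, dst = ENDPOINT.match(fields[0]), ENDPOINT.match(fields[1])
            transport = TRANSPORT.match(fields[2])
            if src and dst and transport:
                entry.update(
                    src=src["host"], src_port=int(src["port"]),
                    dst=dst["host"], dst_port=int(dst["port"]),
                    proto=transport["proto"], flags=transport["flags"],
                )
    elif kind == "ACCESS":
        # Message text, then two trailing fields ("N/A,N/A" in the samples).
        entry["message"] = rest.rsplit(",", 2)[0]
    return entry


def inbound_blocks(log_text):
    """Entries that record blocked inbound traffic (type FWIN)."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["type"] == "FWIN"]


if __name__ == "__main__":
    for e in inbound_blocks(SAMPLE_LOG):
        print(e["date"], e["time"], e.get("src"), "->", e.get("dst"), e.get("proto"), e.get("flags"))
```

Run against a copy of `ZALog.txt`, only the `FWIN` rows carry the source address and port needed to judge whether traffic came from the router or from beyond it.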
     
  7. killian_sh

    killian_sh Registered Member

    Joined:
    May 5, 2004
    Posts:
    26
    Location:
    Virginia
    Everything else on that log was just programs that I granted access.
    Thanks anyway.
     