Zone alarm security alert

Mze

ADSL is virtually unusable this morning despite measured transfer rates of 416 KB/Sec. Line attenuation and noise levels are very good.

I have now connected to iBurst which is my backup service. Speeds measured at ±600 kbps. Faster effectively than 4096 ADSL.

Having connected to iBurst, I have had ZoneAlarm report many attempts of Internet access to my computer. The following are the last alerts reported, and are attempts that have been blocked.

(TCP Port 135)----from----- 41.208.220. 73-----------------------------(TCP Port 4861) (TCP Flags: S)
(IMAP4)-----------from----- 41.201.241. 14-----------------------------(TCP Port 2608) (TCP Flags: S)
(HTTPS)-----------from----- 41.201.241. 14-----------------------------(TCP Port 2612) (TCP Flags: S)
(HTTPS)-----------from----- 41.201.241. 14-----------------------------(TCP Port 2549) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208. 72.130-----------------------------(TCP Port 4743) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208.220. 73-----------------------------(TCP Port 2509) (TCP Flags: S)
(TCP Port 445)----from-wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 2413) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208. 79.223-----------------------------(TCP Port 3434) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208. 72.130-----------------------------(TCP Port 3667) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 2528) (TCP Flags: S)
(UDP Port 12908)--from----- 75. 17. 16.148-----------------------------(UDP Port 50039)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 4274) (TCP Flags: S)
(TCP Port 445)----from----- 41.208.218.212-----------------------------(TCP Port 3069) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.218.212.wbs.co.za (41.208.218.212)--(TCP Port 3623) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 4169) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 1143) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 1142) (TCP Flags: S)
(TCP Port 445)----from----- 41.208.215. 15-----------------------------(TCP Port 3690) (TCP Flags: S)
(TCP Port 445)----from----- 41.208. 79.223-----------------------------(TCP Port 1314) (TCP Flags: S)
(TCP Port 445)----from----- 41.208.203. 13-----------------------------(TCP Port 2188) (TCP Flags: S)
(TCP Port 445)----from----- 41.208.195. 23-----------------------------(TCP Port 2185) (TCP Flags: S)
(NetBios Session)-from wbs. 41.208.195. 23.wbs.co.za (41.208.195. 23)--(TCP Port 2914) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.195. 23.wbs.co.za (41.208.195. 23)--(TCP Port 3111) (TCP Flags: S)
(TCP Port 135)----from wbs. 41.208.195. 23.wbs.co.za (41.208.195. 23)--(TCP Port 4169) (TCP Flags: S)
(NetBios Session)-from wbs. 41.208.195. 23.wbs.co.za (41.208.195. 23)--(TCP Port 4366) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208.219.148-----------------------------(TCP Port 4566) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.203. 13.wbs.co.za (41.208.203. 13)--(TCP Port 2913) (TCP Flags: S)
(TCP Port 2967)---from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 4607) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 1428) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.203. 13.wbs.co.za (41.208.203. 13)--(TCP Port 2071) (TCP Flags: S)
(TCP Port 445)----from----- 41.208.222. 59-----------------------------(TCP Port 3289) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 3201) (TCP Flags: S)
(TCP Port 1080)---from-----220.133.116.174-----------------------------(TCP Port 10562)(TCP Flags: S)
(TCP Port 8080)---from-----220.133.116.174-----------------------------(TCP Port 10562)(TCP Flags: S)
(TCP Port 2967)---from----- 41.208.218.212-----------------------------(TCP Port 2435) (TCP Flags: S)
(TCP Port 5800)---from----- 41.208.214. 81-----------------------------(TCP Port 4800) (TCP Flags: S)
(NetBios Session)-from wbs. 41.208.214. 81.wbs.co.za (41.208.214. 81)--(TCP Port 1047) (TCP Flags: S)
(TCP Port 1433)---from wbs. 41.208.214. 81.wbs.co.za (41.208.214. 81)--(TCP Port 1157) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.218.212.wbs.co.za (41.208.218.212)--(TCP Port 4837) (TCP Flags: S)
(TCP Port 445)----from wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 2847) (TCP Flags: S)
(UDP Port 23798)--from----- 86.205.135. 96-----------------------------(UDP Port 31404)
(UDP Port 23798)--from----- 88.160. 73. 74-----------------------------(UDP Port 41955)


My questions are:
What are these attempts at accessing my computer from the internet?
Why are they being made only when connected to iBurst?
 
Hmmmm do you use iBurst's modem software? Since most of the attempts involve wbs.co.za I think it's likely that software is communicating with them in one way or another.

Generally I'd ignore firewalls moaning about attempts for access. They're all paranoid (for paranoid people at that) and will have heart attacks if you merely look at them funny.
 
I connect using Ethernet on one of the Windoze machines, and Zone Alarm still picks up those intrusions.

Mostly seems to be within the tsruBi Network :p
 
UTD Software

I am using the latest UTD firmware and am using a USB connection.

I can see 41.208.XXX.XXX attempts, but what would the others be?
 
You worry too much. What you are seeing is normal if you are connected to the internet; there are bound to be attempts to "get to your system" as well as less harmful probing, but that's what your firewall is for: to catch such attempts and block them.
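As an added illustration (not part of any post in this thread, and not ZoneAlarm's own tooling): a short Python triage of alert lines in the format of the first post, grouping them by source /16 and destination port and counting the bare SYNs, so the pattern the replies discuss is visible at a glance. The line layout and the name-to-port table are assumptions inferred from the six sample lines copied from that post.

```python
import re
from collections import Counter

# Alert lines copied from the first post of this thread (ZoneAlarm's padding kept).
ALERTS = """\
(TCP Port 135)----from----- 41.208.220. 73-----------------------------(TCP Port 4861) (TCP Flags: S)
(TCP Port 2967)---from----- 41.208. 72.130-----------------------------(TCP Port 4743) (TCP Flags: S)
(TCP Port 445)----from-wbs. 41.208.220. 73.wbs.co.za (41.208.220. 73)--(TCP Port 2413) (TCP Flags: S)
(NetBios Session)-from wbs. 41.208.195. 23.wbs.co.za (41.208.195. 23)--(TCP Port 2914) (TCP Flags: S)
(TCP Port 1080)---from-----220.133.116.174-----------------------------(TCP Port 10562)(TCP Flags: S)
(UDP Port 23798)--from----- 86.205.135. 96-----------------------------(UDP Port 31404)
"""

# Assumed layout: (destination)--from--source--(source port) [(TCP Flags: X)]
LINE = re.compile(r"^\((?P<dst>[^)]+)\)-+from(?P<src>.*)"
                  r"\((?:TCP|UDP) Port \d+\)\s*(?:\(TCP Flags: (?P<flags>\w+)\))?\s*$")
# Dotted quad, tolerating the spaces the log uses to pad short octets.
IP = re.compile(r"(\d{1,3})\.\s*(\d{1,3})\.\s*(\d{1,3})\.\s*(\d{1,3})")
# Service names the log prints instead of a number (well-known TCP ports).
NAMED = {"NetBios Session": 139, "IMAP4": 143, "HTTPS": 443}

def parse(line):
    """Return {'src', 'net16', 'port', 'flags'} for one alert line, or None."""
    m = LINE.match(line.strip())
    ip = IP.search(m["src"]) if m else None
    if not ip or any(int(o) > 255 for o in ip.groups()):
        return None
    octets = ip.groups()
    tail = m["dst"].rsplit(" ", 1)[-1]
    port = NAMED.get(m["dst"], int(tail) if tail.isdigit() else None)
    return {"src": ".".join(octets), "net16": ".".join(octets[:2]) + ".0.0/16",
            "port": port, "flags": m["flags"]}

def summarize(text):
    """Tally alerts by source /16 and destination port; count bare-SYN alerts."""
    by_net, by_port, syn_only = Counter(), Counter(), 0
    for line in text.splitlines():
        alert = parse(line)
        if alert is None:
            continue  # not an alert line in this format
        by_net[alert["net16"]] += 1
        by_port[alert["port"]] += 1
        syn_only += alert["flags"] == "S"  # SYN only: a connection attempt, nothing more
    return by_net, by_port, syn_only

if __name__ == "__main__":
    nets, ports, syn = summarize(ALERTS)
    print("by source /16:", nets.most_common())
    print("by destination port:", ports.most_common(), "| bare SYN:", syn)
```
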
 
I did a quick WHOIS on those IPs. It seems the 41 range are from the African Network Information Centre. The 220 range are from the Asia Pacific Network Information Center, and the 86 range are from the RIPE Network Coordination Center in Amsterdam.

The 41s are probably WBS trying to establish some type of connection with your modem. Not sure why you have those Intl's though.
 
The 41.208.XXX.XXX range is for iBurst CT users, I had an IP 41.208.223.73 when my UPS batteries died a bit earlier since I did not manage to start the generator in time.
The last power failure we had here really stuffed up my UPS batteries giving me only about 5 min before dropping out.
Been running for the past 4 hours on generator thanks to Eskom's planning. :mad:
 
Internet Access Attempts

I find it interesting and also disturbing that this only happens when connected to iBurst, not Telkom's ADSL.

Having spent ±R7000 on data recovery and redundant disk drive acquisition arising from virus activity and hardware failure, I am entitled to feel paranoid when this activity is detected.

A further point of interest is that iBurst's "PC Security Suite" did not report this activity, while freely available firewall software did.

This food for thought can easily lead to intellectual indigestion!
 
You can't really blame that on iBurst. It's not their own PC Security suite. They basically use McAfee Internet Security. If you want to blame someone, blame it on McAfee. :rolleyes:

PS: MrH, it's not necessarily CT users. I've also gotten the 41 range quite a few times.
 
GBM, I stand corrected and point taken, we also get the 196.46.64.xx range in CT, but the 41.208.xxx.xxx range is one of iBurst's IP ranges.

As for McAfee Internet Security, I can assure you that will never find its way onto my system as it's such a useless piece of software. :sick:
 
Agreed. McAfee and Symantec are competing with each other to see who can produce the product which drains the most life out of a user's PC. :rolleyes:
 
More info...

Hi Mze

Open Zone Alarm click on the last menu item “Alerts & Logs” on the bottom left, then click on “Log Viewer”, select “Firewall” from the drop down box just below that. The last 50 scans / attacks will be displayed, right click on any item and select “More Info”. This will open a browser window with an overview, technical info and detail of the port scan / attack.

e.g. http://fwalerts.zonealarm.com/fwana...420-1023/9f976101123e8c0fc400958&tab=overview

Rgds
M
 
Had a Call

Had a call from Smitty (Good Guy This) who explained that the Lite package does this but not the Pro.

Interaction between the base-station and user gives this result.
 
OK, so he's saying that somehow the Base station knows you are on a "light" package, and then interacts with you? :p :rolleyes:
 