 MacySouth Of InsanityPremium,MVM,ExMod 2004-7 join:2001-12-02 Pink Beanbag kudos:1 | reply to Brillion
Re: Broadband Constant Reports I've started seeing entries again about 30 minutes ago and I will reiterate, I am using Kerio on this computer, not Zone Alarm. On my machines running ZA 4x I am seeing nothing.
Something else that I pointed out the other day, when I start seeing attempts to DSLReports I am also seeing hits to this IP address 209.123.102.211. When I checked this IP it's coming back as this »www.dshield.org/ipinfo.php?SANSD···t=Submit with a Net Range 209.123.0.0 - 209.123.255.255. Not sure if this is significant but thought I would point it out again. Nil had said she had seen no requests from my IP so I'm not sure if I'm seeing the same thing as just a fluke or not. -- If you're not living on the edge...you're taking up too much room. - Ride For The Cause Simplicity |
|
 McSummationMmmm, Zeebas Are Tastee.Premium,MVM join:2003-08-13 Round Rock, TX kudos:2 | reply to Brillion nil , would an Ethereal sniffer trace from a "source" machine help any? |
|
 TheWiseGuyDog And ButterflyPremium,MVM join:2002-07-04 Yonkers, NY kudos:1 Reviews:
·Optimum Online
2 edits | reply to Macy said by Macy: I've started seeing entries again about 30 minutes ago and I will reiterate, I am using Kerio on this computer, not Zone Alarm.
Could you post your Kerio log entry?
EDIT said by Macy: Add me to the list also. TCP ack packet attack: Blocked: www.dslreports.com [209.123.109.175]
If this is what you're seeing it is a totally different thing. You are most likely seeing an Inbound packet that has been delayed. TCP ACK packet normally is inbound in Kerio and is to an unopened port. The ZAP logs are showing Syn packets outbound. So unless the problem is that ZAP is logging this incorrectly it is a completely different issue. Given that BBR admins can see the Inbound packets from the ZAP users, I'd say it is not a logging issue and is definitely ZAP sending packets to the wrong place. -- Dog and Butterfly |
|
 SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | reply to McSummation said by McSummation: nil , would an Ethereal sniffer trace from a "source" machine help any?
YES |
|
 | reply to Brillion I noticed this problem with zone alarm too but when I removed the program "Motherboard Monitor 5" the problem went away and I have not had this problem since. This program was always trying to connect to dslreports.com.:) |
|
 MacySouth Of InsanityPremium,MVM,ExMod 2004-7 join:2001-12-02 Pink Beanbag kudos:1 | reply to TheWiseGuy That's what I was unsure about. My logs look different. What you're saying makes perfect sense and that would be the reason why nil didn't find any requests from my IP. Thanks for the info. By the way, my log looks exactly like the one entry I posted earlier, nothing different and the ports are staying the same, not changing as others with ZA have been seeing. -- If you're not living on the edge...you're taking up too much room. - Ride For The Cause Simplicity |
|
 martiColor outside the linesPremium,MVM join:2001-12-14 Houston, TX kudos:5 | reply to Brillion The problem was reported to Zone Labs. The word back is:
We're investigating this report. |
|
 CmmTch join:2002-08-10 High Ridge, MO | reply to rodst Yes, I was asked to do that and it was ok (this was what I was told in replies), I didn't know.
Link to that post, Host File |
|
 SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | reply to marti said by Zone Labs, via marti : We're investigating this report.
Yah, they're doing it with us; I've been on IM with a ZL tech all afternoon.
The only completely common pattern is the version number: 5.0.590.015. -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
 martiColor outside the linesPremium,MVM join:2001-12-14 Houston, TX kudos:5 | said by Steve: said by Zone Labs, via marti : We're investigating this report.
Yah, they're doing it with us; I've been on IM with a ZL tech all afternoon.
The only completely common pattern is the version number: 5.0.590.015.
Thanks Steve,
I reported to my Zone Labs Team Z contact. -- *Team Z* Member **PCQ&A Forum** |
|
 IllIlIlllIllEliteDataPremium join:2003-07-06 Lindenhurst, NY kudos:7 | reply to Brillion i guess someone at zonelabs is a member of bbr or they would rather bbr do the updates:D -- run xp from the web http://ura.myvnc.com |
|
 richk_1957If ..Then..ElsePremium join:2001-04-11 Minas Tirith | reply to Brillion I started to see this *almost* right after I upgraded to 5, but I had other issues [posted elsewhere] so I uninstalled 5 & re-installed 4.5.594. The problem went away. I tried it on my test PC, with just windows & SAV 9 installed and the problem persisted, so I would definitely say it's something with 5.
Here's the systems I tried it on:
OS = 2kpro & XP Pro, fully patched
Browsers = IE6 [fully patched] & Netscape 7.1
ZA=5.0.590.015; ZA Free
ZA options:
Check for Updates=Automatic
Load at startup=yes
Protect ZA client=no
Firewall: Internet=High; Trusted=Low
Antivirus Monitoring=On for Norton Antivirus 2002
Email protection=On |
|
 McSummationMmmm, Zeebas Are Tastee.Premium,MVM join:2003-08-13 Round Rock, TX kudos:2 | reply to Steve said by Steve: said by McSummation: nil , would an Ethereal sniffer trace from a "source" machine help any?
YES
One of the things that makes me just "I&^$&%$". Now that I want the stupid computer to mess up, it just rocks along. "Who, me mess up?"
If it starts doing it, I'll see if I can get a trace. |
|
 PacratOld and CrankyPremium,MVM join:2001-03-10 Cortland, OH Reviews:
·RoadRunner Cable
| reply to Brillion Just an update of what's going on here:
Ever since I did a "cold boot" (complete power down and restart) I've not had any attempts logged at all... just the usual occasional blockages of incoming "pings".
I originally tried just a "warm boot" and it stopped for a few minutes and resumed. The ZA details screen did, in fact, recommend restarting the computer to see if that would clear the problem. It's not real obvious but it was their advice I took and the condition seems to have subsided... so far, for nearly 24 hours! -- 41º 19 6.4 N - 80º 43 21.8 W |
|
 PacratOld and CrankyPremium,MVM join:2001-03-10 Cortland, OH Reviews:
·RoadRunner Cable
|  This is what happens! |
skj asked me the question... what happens when I try to manually update ZA???? -- 41º 19 6.4 N - 80º 43 21.8 W |
|
 skjWelcome to the far side of realityPremium,Mod join:2002-04-04 Gone South | And mine connected to DSLReports.com. I wonder why the difference, other than I usually use the DSLR address. |
|
 McSummationMmmm, Zeebas Are Tastee.Premium,MVM join:2003-08-13 Round Rock, TX kudos:2 | reply to Brillion As a lark, I unplugged my Ethernet cable and triggered a manual ZoneAlarm update check. I got a ZA error popup. It was trying to access
http;//www.dslreports.com/http;//update.zonelabs.com/ch
The message was cut off after the "ch".
The request is supposed to be to
http;//update.zonelabs.com/checkupdate.asp HTTP/1.0
based on an Ethereal trace I did earlier.
Note: the ";" are supposed to be ":". ;) |
|
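The malformed update request described in the post above can be checked mechanically. This is an added example, not part of the original thread and not Zone Labs code; the function names and the allowlist are assumptions, and the sample URLs are the two quoted in the post with the ":" restored.

```python
from urllib.parse import urlsplit

# Assumption: the only host an update check should contact is the one seen
# in the Ethereal trace quoted in the post.
EXPECTED_UPDATE_HOSTS = {"update.zonelabs.com"}

# Constructed samples: the two URLs from the post, with ";" written as ":".
OBSERVED = "http://www.dslreports.com/http://update.zonelabs.com/ch"
INTENDED = "http://update.zonelabs.com/checkupdate.asp"


def embedded_url(path):
    """Return an absolute URL found inside a request path, or None."""
    lowered = path.lower()
    for scheme in ("http://", "https://"):
        idx = lowered.find(scheme)
        if idx != -1:
            return path[idx:]
    return None


def audit_update_request(url):
    """Report which host a request really contacts and which one it meant."""
    parts = urlsplit(url)
    contacted = (parts.hostname or "").lower()
    inner = embedded_url(parts.path)
    intended = (urlsplit(inner).hostname or "").lower() if inner else None

    if contacted in EXPECTED_UPDATE_HOSTS and inner is None:
        verdict = "ok"
    elif intended in EXPECTED_UPDATE_HOSTS:
        # The update URL was appended to some other site's base URL, so the
        # connection goes to that site instead of the update server.
        verdict = "misdirected"
    else:
        verdict = "unexpected destination"
    return {"contacted": contacted, "intended": intended, "verdict": verdict}


if __name__ == "__main__":
    for sample in (OBSERVED, INTENDED):
        print(sample, "->", audit_update_request(sample))
```

The observed string parses as a request to www.dslreports.com whose path happens to contain the update URL, which is consistent with the outbound connection attempts to DSLReports that ZoneAlarm users in this thread were logging.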
 PacratOld and CrankyPremium,MVM join:2001-03-10 Cortland, OH | reply to Brillion The plot is thickening!  |
|
 McSummationMmmm, Zeebas Are Tastee.Premium,MVM join:2003-08-13 Round Rock, TX kudos:2 | Pacrat, it looks like you and I got here at the same time with kinda the same data.
I log in to dslreports. I bet you log in to broadbandreports. |
|
 PacratOld and CrankyPremium,MVM join:2001-03-10 Cortland, OH 1 edit | Yup!:)
I'm technically challenged, but could ZA be trying to mooch a redirect off BBR's server? |
|