Jeg ved godt, jeg lovede ikke at belemre NG'en med spørgsmål om
ZA-advarsler, men denneher virker så usædvanlig, at jeg kommer til at spørge
jer alligevel:
Jeg fik nedenstående meddelelse fra min ZA i eftermiddags:
<snip>
ZoneAlarm has blocked an outgoing communication from your computer to port 0
on a remote computer whose IP address is 213.129.21.250.
<snip>
This alert was caused by one of three things: an old version of ZoneAlarm, a
ZoneAlarm setting, or an attempt by a malicious program to cause damage.
<Kommentar: det kan næppe være det første; jeg downloadede ZA i mandags.>
ZoneAlarm protected you, but a program on your computer may have tried to
connect to the Internet before ZoneAlarm was loaded. When ZoneAlarm is not
loaded, you may be vulnerable to programs communicating with the Internet
without your permission.
Your best protection is to download the most current version of ZoneAlarm,
and to retain the load at startup option,
<Kommentar: Den option _var_ i brug, og ZA var også 'up and running'.>
<snip, snip, snip>
Detailed Explanation
The alert you received is an uncommon alert, telling you that an application
attempted to access the Internet. The alert is uncommon because when
ZoneAlarm is up and running on your machine, it asks your permission the
first time any application attempts to access the local area network or the
Internet. If you tell ZoneAlarm to remember this answer, it silently
enforces the permission without sending out subsequent alerts each time the
program attempts a connection.
If an application attempts to connect to the Internet before ZoneAlarm is
launched, however, the initial connection attempt is not seen.
<Men ZA var som nævnt efter min bedste overbevisning allerede oppe, længe
før jeg fik denne besked.>
Meddelelsen kom, efter at jeg var gået ind på get2nets hjemmeside (for at se
på nogle af mine tekniske indstillinger.) Jeg gik derind via 'denne
computer'.
Jeg har prøvet at køre en ripe-søgning på IP-adressen, og jeg har pastet den
ind nedenfor. Jeg er bestemt ingen ørn til at læse whois-resultater, så jeg
sætter min lid til jer. Har den pågælende IP noget med get2net at gøre,
eller lignende?
Jeg har pastet meddelelsen fra ZA ind i bunden af denne post.
På forhånd tak.
Mvh.
Ripe-søgeresultat:
inetnum: 213.129.21.248 - 213.129.21.255netname: IT-OPTIMA-DK
descr: IT Optimacountry: DKadmin-c: CR4689-RIPE
tech-c: UUDK1-RIPErev-srv: ns1.dk.uu.netrev-srv:
ns2.dk.uu.net
status: ASSIGNED PAmnt-by: UUNETDK-MNT
changed: lcr@dk.uu.net 20000614source: RIPE
route: 213.129.0.0/19descr: UUNET DK Block 3origin:
AS702
mnt-by: UUNETDK-MNTchanged: lcr@dk.uu.net 19991227source:
RIPE
role: UUNET Denmark IP-operaddress: UUNET - A WorldCom Company
address: Roholmsvej 19address: DK-2620 Albertslund
address: Denmarkphone: +45 70 23 00 32fax-no: +45 70 23 00
39
e-mail: help@dk.uu.nettrouble: abuse@dk.uu.netadmin-c:
DNR-RIPE
admin-c: SB855-RIPEtech-c: DNR-RIPEtech-c: AND9-RIPE
tech-c: LARS4-RIPEtech-c: EIU1-RIPEtech-c: LAUJ1-RIPE
nic-hdl: UUDK1-RIPE
remarks: ------------------------------------------------
remarks: For complaints about abusive/malicious behavior
remarks: please contact one of the following addresses:
remarks: E-mail abuse(SPAM/UCE): abuse-mail@dk.uu.net
remarks: USENET/Newsgroup abuse: abuse-news@dk.uu.net
remarks: Security/hacking/etc : security@dk.uu.net
remarks: All other issues : abuse@dk.uu.net
remarks: ------------------------------------------------
remarks: *** IF ABUSE IS GOING ON AT THIS VERY MOMENT ***
remarks: *** PLEASE CALL +1 800 900 0241,OPTION 2,3,1 ***
remarks: ------------------------------------------------
notify: ripe-notify@dk.uu.netnotify: hm-dbm-msgs@ripe.net
mnt-by: UUNETDK-MNTchanged: daniel@dk.uu.net 20010228
changed: daniel@dk.uu.net 20010905source: RIPE
person: Carsten Ramsgaardaddress: IT Optima
address: Amaliegade 45address: DK-8600 Silkeborg
phone: +45 70204747fax-no: +45 70204748nic-hdl:
CR4689-RIPE
changed: lcr@dk.uu.net 20000614source: RIPE
---
---
---
Zonealarm-alert:
sc100001b-v2.1.8.9c
ZoneAlarm has blocked outgoing access to IP address 213.129.21.250
----------------------------------------------------------------------------
----
The ZoneAlarm firewall has successfully stopped Internet traffic from
leaving your computer. No breach in your security has occurred. Your
computer is safe.
What Happened?
ZoneAlarm has blocked an outgoing communication from your computer to port 0
on a remote computer whose IP address is 213.129.21.250. No breach in your
security has occurred and your computer is safe. This alert was caused by
one of three things: an old version of ZoneAlarm, a ZoneAlarm setting, or an
attempt by a malicious program to cause damage.
Should I be concerned?
ZoneAlarm protected you, but a program on your computer may have tried to
connect to the Internet before ZoneAlarm was loaded. When ZoneAlarm is not
loaded, you may be vulnerable to programs communicating with the Internet
without your permission.
What should I do?
Your best protection is to download the most current version of ZoneAlarm,
and to retain the load at startup option, which is configured by default
when you install the product. This option is located on the Security panel.
If you continue to receive this alert, check to see what other programs are
loading at startup. Also, make sure to scan for viruses and Trojans
regularly.
Technical Summary
From To
IP Address: 195.47.128.xxx IP Address: 213.129.21.250
Host Name: Lookup service temporarily unavailable Host Name: Lookup service
temporarily unavailable
Port: 0 Port: 0
Program: File Name:
Detailed Explanation
The alert you received is an uncommon alert, telling you that an application
attempted to access the Internet. The alert is uncommon because when
ZoneAlarm is up and running on your machine, it asks your permission the
first time any application attempts to access the local area network or the
Internet. If you tell ZoneAlarm to remember this answer, it silently
enforces the permission without sending out subsequent alerts each time the
program attempts a connection.
If an application attempts to connect to the Internet before ZoneAlarm is
launched, however, the initial connection attempt is not seen. In this case,
if ZoneAlarm is set to High security, any attempt to use that connection is
considered unauthorized, and will be blocked. The result is the alert you
just received.
One of the following scenarios probably caused this alert:
You may have started ZoneAlarm after one of your applications had already
connected to the network. To remedy this situation, close the application
and restart. In response, ZoneAlarm will do one of two things: either prompt
you for permission to let the application access the network, or use the
permissions you have already set in the Programs panel for that application.
You may be a WindowsME user. Some WindowsME users receive outbound alerts
instead of inbound alerts under rare circumstances. This is due to a bug in
ZoneAlarm version 2.1.44. This can be solved by downloading the most recent
version of ZoneAlarm.
You may have an old version of ZoneAlarm. Some obsolete versions of
ZoneAlarm contained bugs that blocked legitimate communications.
You may have malicious software on your computer that tried to access the
network before ZoneAlarm finished loading on your machine. ZoneAlarm
versions 2.6 and later incorporate improved security to minimize the
possibility of this occurring. To maximize your protection against malicious
programs, make sure you are using the latest version of ZoneAlarm. Make sure
you retain the load at startup option, which loads ZoneAlarm at Windows
startup time. This option is configured by default when you install our
product.
To check your version of ZoneAlarm, go to the Configure panel. Next to the
Zone Labs logo you will see what version of ZoneAlarm and what version of
TrueVector you are using. If you are using ZoneAlarm, the two should be the
same. You can download the most recent version of ZoneAlarm at ZoneAlarm
free download page.
Conclusion
This uncommon alert may have a benign or malicious cause. If you have ruled
out benign explanations and ZoneAlarm is loading at Windows startup, you
should look for any programs that may be trying to connect to the Internet
at boot time, before ZoneAlarm finishes loading.
----------------------------------------------------------------------------
----
For further information, please check out the following articles in the Zone
Labs Knowledgebase:
Timing Issues and ZoneAlarm
Zone Labs Knowledgebase Main Page
You may also find the following pages on the Zone Labs web site to be
helpful:
ZoneAlarm User's Manual - Programs Panel
ZoneAlarm User's Manual - Configure Panel
Announcing -- ZoneAlarm Pro!
ZoneAlarm User's Manual
Frequently Asked Questions
Zone Labs Home Page
Home | About Zone Labs | Contact Us | Press Room |
Careers | Site Map | Resources
Copyright ©1999-2001 Zone Labs, Inc., 1060 Howard Street, San Francisco, CA
94103, USA.
All rights reserved. All other trademarks are the property of their
respective owners.
|