ZoneAlarm - Port number? - Firewalls

This is a discussion on ZoneAlarm - Port number? - Firewalls ; Hi all, I've noticed in Zonealarm several entries from a source IP in a port range I don't recognize. The range goes anywhere from 49000-49600. For example, one entry would like like such: 192.x.x.x: 49435. What program/application is it that ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: ZoneAlarm - Port number?

  1. ZoneAlarm - Port number?

    Hi all,
    I've noticed in Zonealarm several entries from a source IP in a
    port range I don't recognize. The range goes anywhere from
    49000-49600. For example, one entry would like like such: 192.x.x.x:
    49435.

    What program/application is it that is most likely scanning from that
    port? I've looked online and seen really ambiguous results like "RPC"
    related events. Could it be a keylogger or something along those
    lines?


    Thanks,
    J


  2. Re: ZoneAlarm - Port number?


    "Jeremy" wrote in message
    news:1177369607.741432.327090@n59g2000hsh.googlegr oups.com...
    > Hi all,
    > I've noticed in Zonealarm several entries from a source IP in a
    > port range I don't recognize. The range goes anywhere from
    > 49000-49600. For example, one entry would like like such: 192.x.x.x:
    > 49435.
    >
    > What program/application is it that is most likely scanning from that
    > port? I've looked online and seen really ambiguous results like "RPC"
    > related events. Could it be a keylogger or something along those
    > lines?
    >
    >
    > Thanks,
    > J
    >


    That 192.x.x.x looks to be a LAN IP on a router. Is the machine behind a
    router and what is the full 192.x.x.x as know one cares and is going to use
    a LAN IP against you?


  3. Re: ZoneAlarm - Port number?

    On Apr 23, 4:32 pm, "Mr. Arnold" wrote:
    > "Jeremy" wrote in message
    >
    > news:1177369607.741432.327090@n59g2000hsh.googlegr oups.com...
    >
    > > Hi all,
    > > I've noticed in Zonealarm several entries from a source IP in a
    > > port range I don't recognize. The range goes anywhere from
    > > 49000-49600. For example, one entry would like like such: 192.x.x.x:
    > > 49435.

    >
    > > What program/application is it that is most likely scanning from that
    > > port? I've looked online and seen really ambiguous results like "RPC"
    > > related events. Could it be a keylogger or something along those
    > > lines?

    >
    > > Thanks,
    > > J

    >
    > That 192.x.x.x looks to be a LAN IP on a router. Is the machine behind a
    > router and what is the full 192.x.x.x as know one cares and is going to use
    > a LAN IP against you?



    The machine is on the same network as mine - I guess I was more
    interested in finding out about the port that machine was blocked
    using. For instance, could they have been scanning my machine or
    trying to access something with a program that uses that port, and was
    blocked by Zonealarm? The reason I ask is because I see tons of "1026"
    or "1027" errors, which I know to be based on Windows messaging, and
    that is normal ("false-positive" in most cases). But the range here
    (49000-49600) seems to make me wonder what kind of program or
    application is being used...


  4. Re: ZoneAlarm - Port number?


    "Jeremy" wrote in message
    news:1177436099.980522.223300@t38g2000prd.googlegr oups.com...
    > On Apr 23, 4:32 pm, "Mr. Arnold" wrote:
    >> "Jeremy" wrote in message
    >>
    >> news:1177369607.741432.327090@n59g2000hsh.googlegr oups.com...
    >>
    >> > Hi all,
    >> > I've noticed in Zonealarm several entries from a source IP in a
    >> > port range I don't recognize. The range goes anywhere from
    >> > 49000-49600. For example, one entry would like like such: 192.x.x.x:
    >> > 49435.

    >>
    >> > What program/application is it that is most likely scanning from that
    >> > port? I've looked online and seen really ambiguous results like "RPC"
    >> > related events. Could it be a keylogger or something along those
    >> > lines?

    >>
    >> > Thanks,
    >> > J

    >>
    >> That 192.x.x.x looks to be a LAN IP on a router. Is the machine behind a
    >> router and what is the full 192.x.x.x as know one cares and is going to
    >> use
    >> a LAN IP against you?

    >
    >
    > The machine is on the same network as mine - I guess I was more
    > interested in finding out about the port that machine was blocked
    > using. For instance, could they have been scanning my machine or
    > trying to access something with a program that uses that port, and was
    > blocked by Zonealarm? The reason I ask is because I see tons of "1026"
    > or "1027" errors, which I know to be based on Windows messaging, and
    > that is normal ("false-positive" in most cases). But the range here
    > (49000-49600) seems to make me wonder what kind of program or
    > application is being used...
    >


    Why do you even care? ZA is doing its job as a personal FW/personal packet
    filter, which is to block unsolicited inbound traffic to the machine, which
    is everyday noise on an ISP's LAN or the WAN/Internet.

    The only problem here is ZA seems to be doing some unnecessary whining about
    it, which most PFW(s) do. It has got you paranoid.



  5. Re: ZoneAlarm - Port number?

    On Apr 23, 7:06 pm, Jeremy wrote:
    > Hi all,
    > I've noticed in Zonealarm several entries from a source IP in a
    > port range I don't recognize. The range goes anywhere from
    > 49000-49600. For example, one entry would like like such: 192.x.x.x:
    > 49435.
    >
    > What program/application is it that is most likely scanning from that
    > port? I've looked online and seen really ambiguous results like "RPC"
    > related events. Could it be a keylogger or something along those
    > lines?
    >
    > Thanks,
    > J


    1. http://www.iana.org/assignments/port-numbers - Gives you a list
    of ports that are being used and what programs 'typically' use them.
    2. The IP of 192.x.x.x - is a private, internal only IP, that is not
    reachable from outside your LAN

    ZA is giving you popups about inside traffic, either your machines
    have spyware, malware or trojans or a combination of things...

    Good luck...

    RedForeman


  6. Re: ZoneAlarm - Port number?


    "RedForeman" wrote in message
    news:1177603787.111893.122330@n15g2000prd.googlegr oups.com...
    > On Apr 23, 7:06 pm, Jeremy wrote:
    >> Hi all,
    >> I've noticed in Zonealarm several entries from a source IP in a
    >> port range I don't recognize. The range goes anywhere from
    >> 49000-49600. For example, one entry would like like such: 192.x.x.x:
    >> 49435.
    >>
    >> What program/application is it that is most likely scanning from that
    >> port? I've looked online and seen really ambiguous results like "RPC"
    >> related events. Could it be a keylogger or something along those
    >> lines?
    >>
    >> Thanks,
    >> J

    >
    > 1. http://www.iana.org/assignments/port-numbers - Gives you a list
    > of ports that are being used and what programs 'typically' use them.
    > 2. The IP of 192.x.x.x - is a private, internal only IP, that is not
    > reachable from outside your LAN
    >
    > ZA is giving you popups about inside traffic, either your machines
    > have spyware, malware or trojans or a combination of things...
    >
    > Good luck...



    The OP has indicated that the ISP has assigned that 192.x.x.x IP which some
    ISP's can do that.

    Therefore, the traffic is coming from other machines on the ISP network and
    not any machines on the OP's LAN. The OP has no LAN of his own.


  7. Re: ZoneAlarm - Port number?

    Mr. Arnold wrote:


    > The OP has indicated that the ISP has assigned that 192.x.x.x IP which
    > some ISP's can do that.
    >
    > Therefore, the traffic is coming from other machines on the ISP network
    > and not any machines on the OP's LAN. The OP has no LAN of his own.


    192.0.0.0/8 are public routable addresses except 192.168.0.0/16 which are
    private addresses as defined in RfC 1918.

    Please read: http://www.faqs.org/rfcs/rfc1918.html

    Wolfgang

  8. Re: ZoneAlarm - Port number?


    "Wolfgang Kueter" wrote in message
    news:f0sa46$6m3$1@news.shlink.de...
    > Mr. Arnold wrote:
    >
    >
    >> The OP has indicated that the ISP has assigned that 192.x.x.x IP which
    >> some ISP's can do that.
    >>
    >> Therefore, the traffic is coming from other machines on the ISP network
    >> and not any machines on the OP's LAN. The OP has no LAN of his own.

    >
    > 192.0.0.0/8 are public routable addresses except 192.168.0.0/16 which are
    > private addresses as defined in RfC 1918.
    >
    > Please read: http://www.faqs.org/rfcs/rfc1918.html
    >
    >


    I read it, thanks.


+ Reply to Thread