Level One firewall leaks? - Routers

This is a discussion on Level One firewall leaks? - Routers ; I've noticed lately that my Zone Alarm has been showing entries in its firewall log that shouldn't be there. Namely, it blocks attempts from outside IPs to connect to ports such as 1300, 3155, 1904, 4759, 3618, 2997, 3029, 1366, ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Level One firewall leaks?

  1. Level One firewall leaks?

    I've noticed lately that my Zone Alarm has been showing entries in its
    firewall log that shouldn't be there. Namely, it blocks attempts from
    outside IPs to connect to ports such as 1300, 3155, 1904, 4759, 3618,
    2997, 3029, 1366, 3286, 3357, 4590... With Zone Alarm being just the
    "second line of defense" this seems kind of weird. The first line of
    defense is a (wired) LevelOne router/firewall, and none of the
    aforementioned ports is forwarded to the computer (I even have UPnP
    turned off).
    Can someone explain to me what's wrong here and why these ports are
    coming through? Is it just a lousy firewall within the Level One router
    (but then again, how come there were no attempts like this before), or
    maybe some hackers' workarounds, or false routing within my network...


  2. Re: Level One firewall leaks?

    level13@gmail.com wrote:
    > The first line of
    > defense is a (wired) LevelOne router/firewall, and none of the
    > aforementioned ports is forwarded to the computer


    LOL, about a serious as your second line of defense.

    > Can someone explain to me what's wrong here


    Nothing is wrong.

    > and why these ports are coming through?


    - They're actually NATed.
    - Some furious NAT helper is forwarding heuristically.
    - Your computer is already hijacked.

    > Is it just a lousy firewall within the Level One router
    > (but then again, how come there were no attempts like this before), or
    > maybe some hackers' workarounds, or false routing within my network...


    Or maybe ZoneAlarm is just a piece of crap that twists ingoing and
    outgoing traffic, localloopback vs. eth communication, ...

  3. Re: Level One firewall leaks?

    level13@gmail.com wrote:
    > I've noticed lately that my Zone Alarm has been showing entries in its
    > firewall log that shouldn't be there. Namely, it blocks attempts from
    > outside IPs to connect to ports such as 1300, 3155, 1904, 4759, 3618,
    > 2997, 3029, 1366, 3286, 3357, 4590... With Zone Alarm being just the


    Define outside IP, give sample. Is there any other computer connected to
    same router.

    > "second line of defense" this seems kind of weird. The first line of
    > defense is a (wired) LevelOne router/firewall, and none of the
    > aforementioned ports is forwarded to the computer (I even have UPnP
    > turned off).


    Recheck router settings: DMZ, Port Forwarding, Port Triggering, UPnP.
    Did you change the way you connect to internet. If you use connection
    from your computer, then ZA is first and only line of defence, NAT and
    router firewall is by-passed.

    > Can someone explain to me what's wrong here and why these ports are
    > coming through? Is it just a lousy firewall within the Level One router
    > (but then again, how come there were no attempts like this before), or
    > maybe some hackers' workarounds, or false routing within my network...
    >


    ZA is not good choice in LAN. Sometime it just misconfigures. I use it
    too (Application and outbound communication control). Check is your LAN
    still in trusted zone in ZA, recheck all. Sometime ZA is almost
    impossible to be configured in LAN, specially if ICS is used.

    If NAT is properly configured, and there is no forwarded ports or
    systems in DMZ, there should be no outside IPs. If there are, contact
    techincal support.



  4. Re: Level One firewall leaks?


    wrote in message
    news:1145342166.891115.280850@u72g2000cwu.googlegr oups.com...
    > I've noticed lately that my Zone Alarm has been showing entries in

    its
    > firewall log that shouldn't be there. Namely, it blocks attempts

    from
    > outside IPs to connect to ports such as 1300, 3155, 1904, 4759,

    3618,
    > 2997, 3029, 1366, 3286, 3357, 4590... With Zone Alarm being just the
    > "second line of defense" this seems kind of weird. The first line of
    > defense is a (wired) LevelOne router/firewall, and none of the
    > aforementioned ports is forwarded to the computer (I even have UPnP
    > turned off).
    > Can someone explain to me what's wrong here and why these ports are
    > coming through? Is it just a lousy firewall within the Level One

    router
    > (but then again, how come there were no attempts like this before),

    or
    > maybe some hackers' workarounds, or false routing within my

    network...

    You can run a test at Shield's Up on your router to see if any ports
    are open.
    charlie R

    >



  5. Re: Level One firewall leaks?

    charlie R wrote:

    > You can run a test at Shield's Up on your router to see if any ports
    > are open.


    Or what about a serious and reliable online portscan?

+ Reply to Thread