Port Scanning

I'm on Telewest Blueyonder Broadband in the UK and reacquainted myself with ZoneAlarm recently. Every ten seconds I was notified of some port intrusion, some from Blueyonder IPs, some not. Telewest informs me that their servers will port scan clients. Does this seem reasonable? Most of the other port intrusions I presume are from virus-hijacked computers?

Furthermore, as ZoneAlarm has this nasty side-effect of crashing my computer, I'd like to replace it with a much more reliable means of security--a router. Does anyone have any opinions as to why a hardware firewall (I'm leaning toward Linksys BEFW11S4) might NOT be a better idea than software firewall?

I know ZoneAlarm isn't the end all and be all of firewalls. I like Norton's antivirus, maybe their Internet Security combo is decent? Though... it's still cheaper to buy the router!

Thanks for your opinions in advance.

Evan Joanette snipped-for-privacy@hotmail.dot.com


I use two routers, an Alpha Shield which is connected to a WatchGuard Firebox, and I use NIS on my system. I too use broadband, and every so often my ISP's servers scan; I'm given the option to allow or block, which I block. When I checked with my ISP they say it's SOP.

JRF

Hello. On your question about hardware firewalls: I use a Linksys router and find it very reliable. The only problem is it doesn't monitor / alert on outgoing traffic, so you don't get warned of spyware, etc. that might phone home. I am looking to have the best of both worlds by having both router and software firewall. So far I've looked at ZoneAlarm (but this can't be configured to block outgoing traffic by IP address to block known ad servers) and Kerio (which is very configurable in what it can block, but unfortunately also regularly crashed my computer). On your first point, I'm not sure I like the sound of a provider port scanning my system - but as you've probably gathered from my above comments I'm slightly paranoid!

Hope these thoughts are helpful...

ac

I use a D-Link router, and can block ports in there (block 135-139 btw), and Norton Firewall, where you can choose incoming and outgoing.

Sheila aka Pippie

As a rule, all anti-virus, spyware and firewall protection systems need to be installed on a clean system. Most of the problems that I have had to solve were those on systems of uptime more than 60 days.

obi

A router AND firewall software... quite the combo. There are some things that the software does that I didn't realize the router didn't always do.

Unfortunately, it sounds like there's a fair number of system crashes blamed on firewall software, and now I've experienced it. But now that I realize there are so many port intrusions on my machine, I need some security.

My last router was an SMC Barricade, but I really like the Linksys. Doubt I'll change my mind on that.

Evan Joanette

First of all, be aware that a lot of operations that seem like intrusions/port scans are actually fully legal requests that are considered intrusions because of some minor modifications in timeouts of all kinds, or the number of requests per minute and so on. Some IDS tools by default will alarm you of intrusion detection which will be some legal NetBIOS request, for example (TCP ports 135, 138 & 139).

Observer
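
An added example, not part of any post in this thread: one way to separate the routine NetBIOS requests described above from a genuine port scan when reading a firewall's blocked-connection log. The log format, the sample lines, the 60-second window and the five-port threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NETBIOS_PORTS = set(range(135, 140))  # the 135-139 range mentioned in the thread
WINDOW = timedelta(seconds=60)        # assumed look-back window
SCAN_PORTS = 5                        # assumed: this many distinct ports per window = scan

# Constructed sample lines (assumed format): date time source-ip protocol dest-port
SAMPLE_LOG = """\
2024-01-01 10:00:00 198.51.100.7 TCP 139
2024-01-01 10:00:10 198.51.100.7 UDP 137
2024-01-01 10:00:30 203.0.113.9 TCP 21
2024-01-01 10:00:31 203.0.113.9 TCP 22
2024-01-01 10:00:32 203.0.113.9 TCP 23
2024-01-01 10:00:33 203.0.113.9 TCP 80
2024-01-01 10:00:34 203.0.113.9 TCP 139
2024-01-01 10:05:00 192.0.2.44 TCP 80
2024-01-01 10:09:00 192.0.2.44 TCP 8080
"""

def parse(log):
    """Yield (timestamp, source, port) for each well-formed log line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines instead of crashing
        try:
            ts = datetime.strptime(fields[0] + " " + fields[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, fields[2], int(fields[4])

def classify(log):
    """Label each source as 'port-scan', 'netbios-noise' or 'isolated-probe'."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log):
        by_src[src].append((ts, port))
    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        # Largest number of distinct ports hit inside any WINDOW-long span.
        widest = max(len({p for t, p in events[i:] if t - start <= WINDOW})
                     for i, (start, _) in enumerate(events))
        if widest >= SCAN_PORTS:
            verdicts[src] = "port-scan"
        elif all(p in NETBIOS_PORTS for _, p in events):
            verdicts[src] = "netbios-noise"
        else:
            verdicts[src] = "isolated-probe"
    return verdicts
```

Run over the sample, the source that touches only 137 and 139 is labelled `netbios-noise`, the one that walks five ports in four seconds is labelled `port-scan`, and the one that tries two ports minutes apart is labelled `isolated-probe`.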
