ZoneAlarm: Need to identify the source of outgoing request

I'm running ZoneAlarm free version.

Every night (it seems) I have a few IPs that ZoneAlarm is successfully blocking going out from my pc to port 80 of the following IPs (the names I got from IP lookups):

63.211.66.76 Level 3 Communications, Inc
146.82.218.144 Global Crossing
69.31.88.54 nLayer Communications, Inc

It appears these hosts are all running AkamaiGHost.

The logs don't indicate which process or program is originating the request - the log's Program column is always empty.

How can I determine where/what application originated these requests? Should I allow them through?

The fact that I can't see which program/process may be associated with the outgoing attempts - could this be because I'm using the free version (not the pro version)? ...thanks for your help! P.S - I have anti virus sw (from Zonealarm) - there's no indication it's some kind of a virus.

Reply to
cpurvis3

When you are able to see what program it is that's making the connection with tools like Active Ports or TCPView, that program may not actually be the program that's wanting the access, and you must drill down or look inside a running process to see what's running with the process and using it.

Process Explorer will allow you to see what programs are using a given process.

PE Menu/view/show lower pane/show all DLLs will show you everything that's running with a process.

You select a process in the upper pane and right-click Properties and get more info about the running process.

You can right-click a line in the lower pane too.

Prcview (free, use Google) does the same thing as PE.

Duane :)

Reply to
Duane Arnold
[ZoneAlarm in a wrong way, bypassing my bullshit filter]

Why?

Congratulations, you're DoSing yourself.

Which logs?

As usual.

What a stupid question.

No, this is because ZoneAlarm is a toy for playing. And you should stop playing now.

And how would you get any serious indication?

Reply to
Sebastian Gottschalk

Hey Sabay boy -

What's your problem with ZoneAlarm (free) ?

Do you mean "dosing"? And if so, then enlighten me with your "knowledge" oh great one ...

hmm, based on your sole opinion - I think NOT !

Hey Sabey boy, why don't you save your insights for whatever small part of the world you come from until you learn how to act and communicate like an adult?

Reply to
cpurvis3

It's a piece of bit-junk, not being good for anything besides messing up the entire system?

DoS = Denial of Service

You're essentially breaking some of your very own functionality. F.e. your web browser wanting to connect to a website using Akamai's load balancing. By blocking the traffic, you're hindering the load balancer and it will throw you onto the lame default server, which is lame because all other lamers are thrown there.

It's not due to my opinion that ZA is crap.

Obviously I do: not bugging around a lot and clearly stating what's actually up.

Reply to
Sebastian Gottschalk

Ok, Sebastian ...

I truly appreciate the more civil-like response ... so my apologies for acting out.

Let me start again:

I've been running with ZoneAlarm for a few years. I have an anti-virus subscription with them and have been pleased with ZoneAlarm going on 3 some years.

It wasn't until I recently signed up with a VoIP phone service that I started to get these IP requests. I thought maybe it might be due to the VoIP service (because the associated IP names are similar to competitive local exchange carriers, i.e. - CLECs). Other people are saying no relation.

I agree with you with regards to Akamai's load balancing, but my question is this:

1.) I can't determine which process or program is requesting these outgoing attempts, and 2.) why all of a sudden I'm getting them in the 1st place

I will try the tools like Active Ports or TCPView to see if I can determine what program/process is doing this, but I guess you're saying I eventually should allow them through anyway?

Reply to
cpurvis3

You can't do that with ZoneAlarm, but you can do it with some serious tool. Hey, even netstat got that "-b" option on WinXP SP2.

Better question: Couldn't it simply be that ZoneAlarm has some serious bugs that make it regard incoming requests as outgoing?

That's the next point: You're obviously lacking any security concept. Besides that application control doesn't work, you should generally deny everything until proven harmless and necessary.

Reply to
Sebastian Gottschalk
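
An added example, not written by any poster in this thread: one way to answer the original question with the `netstat -b` option mentioned above is to parse its output and report which executable owns each connection to the addresses from the first post. It assumes a system where `netstat -b -n -o` is available (XP SP2 or later); the function name `owners_of_watched` is hypothetical, and the sample output, PIDs and program names are constructed. It also records the hosted component line, since the owning executable may only be a host for something else.

```python
import re

# Destination addresses taken from the original post.
WATCHED = {"63.211.66.76", "146.82.218.144", "69.31.88.54"}

# Constructed sample of `netstat -b -n -o` output; local address, PIDs and
# program names are invented for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1041      63.211.66.76:80        SYN_SENT        1384
  [updater.exe]
  TCP    192.168.1.10:1042      192.0.2.10:443         ESTABLISHED     2000
  [browser.exe]
  TCP    192.168.1.10:1043      69.31.88.54:80         ESTABLISHED     884
  wuauserv
  [svchost.exe]
  TCP    192.168.1.10:1044      146.82.218.144:80      TIME_WAIT       0
  Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
NO_OWNER = "Can not obtain ownership information"

def owners_of_watched(text, watched=WATCHED, port=80):
    """Return one record per connection to a watched address on `port`."""
    hits, current = [], None
    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            _proto, _local, remote, state, pid = conn.groups()
            host, _, rport = remote.rpartition(":")
            current = None
            if host in watched and rport == str(port):
                current = {"remote": remote, "state": state, "pid": int(pid),
                           "exe": None, "component": None}
                hits.append(current)
        elif current is not None and line.strip():
            owner = OWNER.match(line)
            if owner:
                current["exe"] = owner.group(1)   # the owning executable
                current = None
            elif line.strip() != NO_OWNER:
                # Hosted component (service or module) inside the owning process.
                current["component"] = line.strip()
    return hits

if __name__ == "__main__":
    for hit in owners_of_watched(SAMPLE):
        print(hit)
```

A record whose `exe` is still `None` is a connection for which netstat could not name an owner, so it still needs a closer look with a process viewer.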

No, I doubt it. The SOURCE ip is my pc's ip; the DEST ip is the one in question.

And that's what I'm currently doing (blocking these outgoing requests). I thought you implied by your remark ""DoSing" yourself" that I should possibly allow these requests if it helps with load balancing. BTW - I'm not having any internet activity complaints as far as download speed, etc. This whole issue simply stems from the fact that I get these IP requests. I'll continue to block them until I can determine who is originating them (if I ever can determine this). ..and BTW, I'm running Windows 98 SE (don't laugh, it's fine for family)...

Reply to
cpurvis3

And it wouldn't have been the first time that ZA has been twisting those.

I laugh, it's not fine for family as it doesn't impose any serious (read: C2 conformant) security mechanisms.

Reply to
Sebastian Gottschalk

That's why I have ZoneAlarm, huh?

Reply to
cpurvis3

I wonder since when ZoneAlarm is trying to impose file access permissions on anything but itself.

Reply to
Sebastian Gottschalk

Why are you using a "Personal Firewall" then? Just unbind any services with the exception of "TCP/IP" from your external interface, and you don't need a packet filter at all.

Yours, VB.

Reply to
Volker Birk

Because Mr. Gibson, AOL, the retailer or some other scumbag told him so? ;-D

Reply to
Sebastian Gottschalk

Pretty impressed with yourself, huh, Sebastian?

If you know as much as you claim, and I don't doubt that you do, how about sharing your worldly knowledge, rather than insulting those who are less educated?

Notan

Reply to
Notan

As PFWs are discussed and explained on average every 3 days, and have been for years, people asking these questions could take 5 minutes on Google and pull up the same info they keep asking for. Personally I'm more than a little tired of the same bullshit questions repeated eternally. E.

Reply to
E.

Life's a bitch, ain't it?

If Google's the way to go (and, I agree, it very often is), how 'bout a simple response of "Google," rather than some snide remark.

Notan

Reply to
Notan

Notan,

I agree with you, but don't let it bother you. Although I was hoping to get some educated responses & opinions, I didn't expect childish behavior. But you do realize the internet gives the truly insecure, inferior ones a pulpit to act & appear superior - let them have their day - it's all they got.

Reply to
cpurvis3

You did. You just didn't get the answer you wanted.

groups.google.com is your friend. If you truly want educated responses, then use it.

Yep, resort to personal attacks because you didn't get the solution handed to you on a plate. Is this an example of the childish behaviour you are talking about?

I encounter quite a number of people who believe that by giving me the opportunity to fix their PC problem for free, in my own time, they are somehow doing me a favour. Does this behaviour sound familiar? E.

Reply to
E.

I don't know half as much as the frequent contributors here (whose advice I respect), but I have used Zone Alarm Pro for years (since version 3), because it does so much more than the cheap $19 routers I so often see recommended on windowsxp.security_admin. I won't go into them all, because you and I know already, but somebody who asks the question "What logs ?" clearly doesn't know enough about ZoneAlarm to make educated remarks about it.

It's not because you're using the free version. I use the Pro version, and ZoneAlarm Pro does not show program names for stuff like TCP/UDP packets, or incoming/outgoing ICMP and IGMP. If you don't know what it's for, you should always block it, until you find somebody who knows what it is and what it's for.

If you're looking for people who dislike ZoneAlarm and are biased against it, this is the place to come. Otherwise, you will likely find more people willing to help you at ZoneAlarm's User Forum than you will here.

Finally, anti-virus programs are only good for one thing - detecting and removing viruses. Don't take this as sarcasm, but anti-virus programs are no good at detecting spyware or Trojan Horses. They make a weak attempt, just so they can add these to their feature lists, but 16%-33% is a pathetic success rate. What you've described could easily be the behavior of a Trojan Horse, and the best tools to detect and remove Trojans are anti-Trojan tools, like Trojan Hunter and Ewido, not anti-virus tools.


Reply to
JW

Surprise, surprise - on Zonelabs' own forum, there are people who like Zone Alarm ;-)

The latter is a very dangerous attempt, if one does not realize that it is impossible to remove everything that was modified if a virus downloads code from the net (like many viruses do).


Why do you think so?

Yours, VB.

Reply to
Volker Birk
