1. Home
  2. Networking Firewalls
  3. Level One firewall leaks?

Level One firewall leaks?

I've noticed lately that my Zone Alarm has been showing entries in its firewall log that shouldn't be there. Namely, it blocks attempts from outside IPs to connect to ports such as 1300, 3155, 1904, 4759, 3618,

2997, 3029, 1366, 3286, 3357, 4590... With Zone Alarm being just the "second line of defense" this seems kind of weird. The first line of defense is a (wired) LevelOne router/firewall, and none of the aforementioned ports is forwarded to the computer (I even have UPnP turned off). Can someone explain to me what's wrong here and why these ports are coming through? Is it just a lousy firewall within the Level One router (but then again, how come there were no attempts like this before), or maybe some hackers' workarounds, or false routing within my network...
Reply to
level13
Loading thread data ...

LOL, about a serious as your second line of defense.

Nothing is wrong.

- They're actually NATed.

- Some furious NAT helper is forwarding heuristically.

- Your computer is already hijacked.

Or maybe ZoneAlarm is just a piece of crap that twists ingoing and outgoing traffic, localloopback vs. eth communication, ...

Reply to
Sebastian Gottschalk

Define outside IP, give sample. Is there any other computer connected to same router.

Recheck router settings: DMZ, Port Forwarding, Port Triggering, UPnP. Did you change the way you connect to internet. If you use connection from your computer, then ZA is first and only line of defence, NAT and router firewall is by-passed.

ZA is not good choice in LAN. Sometime it just misconfigures. I use it too (Application and outbound communication control). Check is your LAN still in trusted zone in ZA, recheck all. Sometime ZA is almost impossible to be configured in LAN, specially if ICS is used.

If NAT is properly configured, and there is no forwarded ports or systems in DMZ, there should be no outside IPs. If there are, contact techincal support.

Reply to
alf

3618,

network...

You can run a test at Shield's Up on your router to see if any ports are open. charlie R

>
Reply to
charlie R

Or what about a serious and reliable online portscan?

Reply to
Sebastian Gottschalk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.