ZoneAlarm - Port number?

Hi all, I've noticed in Zonealarm several entries from a source IP in a port range I don't recognize. The range goes anywhere from

49000-49600. For example, one entry would like like such: 192.x.x.x: 49435.

What program/application is it that is most likely scanning from that port? I've looked online and seen really ambiguous results like "RPC" related events. Could it be a keylogger or something along those lines?

Thanks, J

Reply to
Jeremy
Loading thread data ...

That 192.x.x.x looks to be a LAN IP on a router. Is the machine behind a router and what is the full 192.x.x.x as know one cares and is going to use a LAN IP against you?

Reply to
Mr. Arnold

The machine is on the same network as mine - I guess I was more interested in finding out about the port that machine was blocked using. For instance, could they have been scanning my machine or trying to access something with a program that uses that port, and was blocked by Zonealarm? The reason I ask is because I see tons of "1026" or "1027" errors, which I know to be based on Windows messaging, and that is normal ("false-positive" in most cases). But the range here (49000-49600) seems to make me wonder what kind of program or application is being used...

Reply to
Jeremy

Why do you even care? ZA is doing its job as a personal FW/personal packet filter, which is to block unsolicited inbound traffic to the machine, which is everyday noise on an ISP's LAN or the WAN/Internet.

The only problem here is ZA seems to be doing some unnecessary whining about it, which most PFW(s) do. It has got you paranoid.

Reply to
Mr. Arnold

  1. formatting link
    - Gives you a list of ports that are being used and what programs 'typically' use them.
  2. The IP of 192.x.x.x - is a private, internal only IP, that is not reachable from outside your LAN

ZA is giving you popups about inside traffic, either your machines have spyware, malware or trojans or a combination of things...

Good luck...

RedForeman

Reply to
RedForeman

The OP has indicated that the ISP has assigned that 192.x.x.x IP which some ISP's can do that.

Therefore, the traffic is coming from other machines on the ISP network and not any machines on the OP's LAN. The OP has no LAN of his own.

Reply to
Mr. Arnold

192.0.0.0/8 are public routable addresses except 192.168.0.0/16 which are private addresses as defined in RfC 1918.

Please read:

formatting link
Wolfgang

Reply to
Wolfgang Kueter

I read it, thanks.

Reply to
Mr. Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.