- HOW TO OPEN PORTS IN ZONEALARM SECURITY SUITE HOW TO
- HOW TO OPEN PORTS IN ZONEALARM SECURITY SUITE WINDOWS
Thank you, but believe I'm a bit overburdened with your knowledge.
Personally, I would also disable NetBios over TCP. PS.out of interest, if you have XP, go to Run>cmd>press Enter>type "netstat -an" (without commas) and you will see what open ports are listening. Port 135 attracts Internet worms and permits your system to be remotely compromised by malicious hackers – more from If you want the disable instructions, I will post for you, let me know. Port 445 is used for file sharing and a potential security risk using NT/2000/XP. Maybe its easier to disable 135 and 445 and help prevent attacks, assuming you havent already done so. Quote "Can somebody explain me how I should handle this:?" My question who is behind the IP was not answered (yet - now for 3 more weeks) What that means, I don't know, but nothing else happened. "We identified the IP-address as ours and transferred the matter." Well, that's my experience: I've got - if any - an response from the provider saying: Mostly, as long as you are protected, there isn't much else you can do.Īs long as you keep your Zone Alarm updated, I'm not sure I'd even leave it configured to tell you when it blocks incoming connection attempts. And whether they will is another question entirely. All the provider needs is IP address and time that it happened - if they know who has that ip at that time, they can do something about it - if not, they cannot. If you're wondering if you should send an email I wouldn't bother but if zone alarm is offering to send an email (or prepare one that you can send), then sure, might as well. Sending emails to providers may or may not be useful some providers care, some do not. Reboot, type netstat –an in Start>Run>cmd and port 445 will not be listening, nor should 135. Start>Control Panel>Internet and Network Connections>Internet Options>Connections>Settings>Properties>Networking>Properties> Advanced>click WINS tab>click on Disable NetBIOS over TCP> click OK and exit. Its best to also disable NetBIOS over TCP/IP (in XP Home) if NOT using any file sharing : In the right-hand side of the window find an option called TransportBindName.ĭouble click that value, and then delete the default value, thus giving it a blank value. Start>Run>type regedit> HKLM\System\CurrentControlSet\Services\NetBT\Parameters To disable 445/135 in XP Home the following has worked for me (ensure you have registry backup facility) :
HOW TO OPEN PORTS IN ZONEALARM SECURITY SUITE WINDOWS
Remember three systems within Windows NT/2000/XP share TCP port 135: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC), so check carefully if you want these Services running before disabling. If you have a standalone machine and DO NOT use any type of file sharing, disable such ports, as Steve Gibson suggests where Dcom threats are concerned. If you are using a router as your Internet gateway then possibly ensure that it does not allow inbound or outbound traffic via TCP ports 135-139 if you feel you are being attacked. I agree that any filesharing from home needs solutions, but its still a security risk since it uses NetBIOS on LAN/WAN to send all sorts of information, such as your domain, workgroup and system names, account information sent this way. Everyone has different needs, and Steve Gibsons site has good info on this topic. If Yes, it’s the users discretion whether to keep machine as is, or disable 135 and 445, and getting info from any source as to what the benefits/pitfalls when these ports disabled. Then use a port scan facility like Steve Gibsons obtained from (or others) to see if the computer is currently stealthed or not on those ports. The firewall seems to be doing its job, don’t worry too much, but its prudent to first see what ports are open using the “netstat” facility (if XP Home), and/or set firewall to block such ports if needed (Kerio is good for this, don’t know about ZA free).
HOW TO OPEN PORTS IN ZONEALARM SECURITY SUITE HOW TO
How to handle this part, would you have some advice for me? Some attacks address the NetBIOS-session, some the HTTP, whatever this meansīy the way, to report the IP addresses to the seem to be senseless since those take that to their attention only but I never got to know who by name is behind the indicated attacker, even if some hammered at the door 10 times in a row. How can I get sure and not afraid that the system is by-passed? It's not unusual that we are hit 400 times a day and the fire wall prevents an access.īut I'm not sure that this fire wall has locked all holes. Others hit are: UDC Ports #1026, 1027, 1434, 4672,Īnd so on, port numbers vary according to certain days but I can't determine a system except that the same ports are hit by different attackers, different IPs. ZA sends Security Warnings that give the following pictures, saying "the fire wall has blocked attempted access to our pc" at severall ports. Can somebody explain me how I should handle this:?
0 kommentar(er)
