(Tom I can't receive your original posts, so if you reply I won't see it). ZA is notorious for numerous false alarms. You need to install Zone Alarm Analyzer, it's free. I don't remember where you get it, but a search will turn it up. It makes it much easier to analyze the logs. I don't remember if it was ZA or the analyzer, but one of them will categorize the "hits" by severity, and that's what you need to look at. Look for the red, orange, and purple ones which are DoS attacks, Trojans, etc., the serious stuff.
You're going to see a lot more "hits" with a cable modem since usually that's a static IP address, which is even more the reason for using a firewall. I also recommend a hardware firewall built into a gateway router, they're cheap. If you're using XP, be sure it's firewall is also enabled. Many IP addresses can't be pinged, so that's normal. Z(?), that doesn't surprise me about RoadRunner, they're about the worse USA ISP for "questionable activity". I had to block most of their IP's, so I'm surprised I was able to see your post. -Clint God Bless Us All Clint Hamilton, Owner http://OrpheusComputing.com ) ----- Original Message ----- From: "Z" <[EMAIL PROTECTED]> Who is your ISP? I wouldn't concern myself with ping traffic unless you get hammered on one port several times in a row or a constant probe on port 139. The ISPs do this to keep tabs on their systems health and usage. If ZA is blocking the traffic then its doing what you want it to do. Just turn the notification pop-up window off and let it do its thing silently. When I first hooked up to RoadRunner I chased addresses down every day. On average, I would find a site or two that was concerning but ZA blocked it so it became boring and useless. I did install an A/B switch and a program called DL Meter. (Download / Upload meter) When I see a lot of up traffic on the meter and I'm not actively on-line, I simply switch the cable off and continue doing whatever I am doing until I need to go back on-line. I also disconnect the cable via the switch when it is storming nearby. I don't use ZA anymore though. I have switched to Kerio. It seem to do a better job of informing me what programs want to connect to addresses not specified by me. It also loads faster than ZA especially when running Norton AV. Z Thomas Fisher wrote: >If anyone is has any knowledge on reading logs generated by ZoneAlarm, >or how to tell if you are being probed by computers, I might need your >help. > >Since getting my cable internet service from a major nationwide ISP, I >have had Zone Alarm showing an almost constant probing from various >computers in TN, MD, VA and MI (I'm in GA). I can read the log and see >computer names (I think) and originating IP address as well as MAC >addresses of computers. I've pinged a few, and gotten responses when >using the computer name I see in the logs. When I ping the IP address >though, I don't get a response. >I'm wondering if this is possibly an infection on these systems, or if >it happens to be someone probing to get into computers, or if it is even >possible to tell. I thought at first it might have been the local >server contacting my machine to verify a connection or something of that >sort, but think at this point I can rule that out, as they are all >coming from outside the local area. >Just looking to see if anyone has any suggestions or ideas of possible >actions to take, until I hear back from my ISP. All probes appear to >have been blocked by ZA, but it still is kind of un-nerving... >Thomas ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
