is this a trojan/ hacker?
JackAndCoke
02-26-2001, 04:47 PM
1. Every time I start up my comp I get Windows Explorer trying to connect to 239.255.255.250:1900, then it's denied permission by ZoneAlarm, then another alert trying to connect to 127.0.0.1:1029. Anyone know what's going on?
2. The past 2 days I've been getting an IP (142.177.1.64, 142.177.1.65, 142.176.33.178) trying to connect to my comp, trying like 10 different ports at a time (a lot of times). I was getting alerts like crazy last night. What could the situation be here, as I don't think it is a web server that I was recently at trying to reconnect? Please advise..
Mntsnow
02-26-2001, 08:03 PM
IP block lookup for 239.255.255.250
This address is a type D or type E address, reserved for multicast or experimental use.
IP block lookup for 142.177.1.64
whois -h whois.arin.net 142.177.1.64
Stentor National Integrated Communications Network (NET-STENTOR19)
410 Laurier Avenue West, Room 730
Ottawa, ON K1P6H5
CA
Netname: STENTOR19
Netblock: 142.177.0.0 - 142.177.255.255
Coordinator:
MT and T Hostmaster (MA2-ORG-ARIN) hostmaster@MTT.NET
+1 902 487 4600
Fax- +1 902 423 5541
Domain System inverse mapping provided by:
JackAndCoke
02-26-2001, 08:18 PM
Thx Mntsnow. Any ideas on how to stop this multicast? Also, is it usual for a company to bomb someone's computer with requests?
Mntsnow
02-26-2001, 08:34 PM
Well, they are an ISP, so I don't think it's THEM but one of their users/clients.
What you can do is email their admins and give them a copy of your log file showing the scans (date/time and what kind of port scan), and they can either warn the abuser and get them to stop or, if it continues and you keep them informed, they can boot the user off their network.
Dave_H
02-26-2001, 09:40 PM
Personally, I would be more concerned at the moment about the outgoing connection attempts.
Usually there are three common reasons for something like that happening.
1) A program or utility automatically checking for updates.
2) Spyware
3) Trojan
Zone Alarm usually will tell you the name of the program making the connection, making it easy to tell if it's something looking for an update. Also, how familiar you are with your system and the programs you have recently installed can help rule out or nail down the responsible program.
Spyware is an easy one to check for, get this free utility called "AdAware". http://www.lavasoft.de/aaw/index.html
Another neat thing about this utility is that if you view the report after the scan, you can see all the running tasks of your system. If you're familiar with your system, you may be able to spot something new.
As for the trojans here are some good scanners. These are shareware with 30 day free trial.
The Cleaner (http://www.moosoft.com/)
Tauscan (http://www.agnitum.com/products/tauscan/)
Here is a cool utility that will list everything that is set to run on your system from the common load points of Windows (9.x only). Get the utility here called Start Up Log (http://home.earthlink.net/~rmbox/Reticulated/Toys.html)
Best of luck.
Dave
Nighthawk
02-26-2001, 09:52 PM
The connection to 127.0.0.1 is something trying to connect to localhost (your computer). I would venture a guess that it's a program checking to make sure that TCP/IP is turned on, or some programs need to connect to themselves (there was a post on here earlier about Napster doing this).
Dave_H
02-26-2001, 10:16 PM
Nighthawk is right about that port.
On my system, Norton Anti-virus uses the connection into 127.0.0.1 if it is set to scan incoming mail.
Dave
JackAndCoke
02-27-2001, 03:08 PM
OK, thx for the insight everyone. If it keeps up I am going to email the admin about this.... As for Windows Explorer trying to connect, I'm gonna try the spyware util and see what it comes up with. Thanks again =]
Mortis
02-27-2001, 04:52 PM
Greetings Jack and Coke - if you bring up ZoneAlarm, click on alerts, select the alert you want to check, then hit more info, another window will open providing info about the "person" requesting access... On this page, if you click more info it will query the address for information... Good luck!
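Added example (not part of any post in this thread): a small Python script that sorts firewall alerts the way the replies above do, labelling outbound destinations as multicast or loopback and grouping inbound probes per source IP into the date/time and port summary Mntsnow suggests sending to the ISP's admins. The log format, the sample lines and the 5-port threshold are constructed assumptions, not ZoneAlarm's real log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts (NOT real ZoneAlarm output).
# Assumed columns: time, direction, remote IP, destination port
SAMPLE_LOG = """\
2001-02-25 23:14:02,OUT,239.255.255.250,1900
2001-02-25 23:14:03,OUT,127.0.0.1,1029
2001-02-25 23:40:10,IN,142.177.1.64,21
2001-02-25 23:40:10,IN,142.177.1.64,23
2001-02-25 23:40:11,IN,142.177.1.64,80
2001-02-25 23:40:11,IN,142.177.1.64,139
2001-02-25 23:40:12,IN,142.177.1.64,1080
2001-02-25 23:52:30,IN,142.176.33.178,80
"""

def classify(ip):
    """Label an address: multicast, loopback, private, or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"
    if addr.is_loopback:      # checked before is_private, which is also true here
        return "loopback"
    return "private" if addr.is_private else "public"

def triage(log_text, scan_threshold=5):
    """Return (outbound attempts with labels, inbound sources hitting many ports)."""
    outbound = []
    probes = defaultdict(lambda: {"ports": set(), "first": None, "last": None})
    for line in log_text.strip().splitlines():
        ts, direction, ip, port = line.split(",")
        if direction == "OUT":
            outbound.append((ip, int(port), classify(ip)))
            continue
        rec = probes[ip]
        rec["ports"].add(int(port))
        rec["first"] = rec["first"] or ts   # keep the earliest timestamp seen
        rec["last"] = ts
    # scan_threshold is an assumed cut-off for "many different ports"
    scanners = {ip: r for ip, r in probes.items() if len(r["ports"]) >= scan_threshold}
    return outbound, scanners

def abuse_report(scanners):
    """One line per scanning source: ports probed and the time window."""
    return "\n".join(
        f"{ip} probed ports {','.join(map(str, sorted(r['ports'])))} "
        f"between {r['first']} and {r['last']}"
        for ip, r in sorted(scanners.items())
    )

if __name__ == "__main__":
    out, scans = triage(SAMPLE_LOG)
    print(out, abuse_report(scans), sep="\n")
```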
SysOpt.com