I upgraded to Win2K and found that my Internet Security 2000 wasn't compatible. So I went ahead and downloaded ZoneAlarm.

I've been getting alerts that I blocked FTP from 211.34.39.130.

I looked at more info and found that Asia Pacific Network Information Center owns the IP address.

What does this mean? Is someone trying to hack me. I've also been getting them from my ISP. But that's normal isn't it?

Of the two "hits" I've logged today, one is also from Asia Pacific Network Information Center but the IP is 202.69.83.4

I also use ZoneAlarm with win98. I get a lot of hits that say like the following, which just came by awhile ago...but, I get many of these...

Question...WTF is 'net bios' ?...

The firewall has blocked Internet access to your computer (NetBIOS Name) from 24.226.24.23 (NetBIOS Name).

Time: 03/11/2001 12:53:10

Thanks..

Isn't NetBIOS a protocol or something? Like TCP/IP?

That sounds like you're thinking of NETBEUI.
netbios (http://www.sysopt.com/forum/Forum6/HTML/002100.html)

Thanks Fingers, I just had a brain ****! http://www.sysopt.com/forum/smile.gif

Yeah someone connecting through Asian Pacific Network is a busy beaver. I've gotten numerous ZoneAlarms from that source.

The hacker will get different IP addresses each time he/she/it logs on so the specific IP address doesn't mean anything. Asian Pacific Network can, of course, determine which of its customers was using the IP address at the time you were hacked. You can email them and complain, but then they'll have your email address. And will it do any good to complain? I don't know and I haven't bothered to find out because, remember, the beauty of ZoneAlarm is that the hacker doesn't even find out that you exist. If he/she/it is able to get your email address then he/she/it will have another way of hacking you.

i dont think that some1 is trying to hack you. i get it whenever i log onto IRC and other places, couldnt it just be the server trying to access ur cookies?
jak

u guys download music? i get the max number of alerts if i'm on for a long time..(500)
the alerts could be a server u were just at trying to reconnect to u.

Just now got another hit from the Pacific Asian Network user. I clean my cookies every day (what a good little boy am I!) and I haven't downloaded music for over a year. The music was from MP3. I've also checked for adware any don't have any, anymore.

It's also stated in the info the pings could be from your own ISP determining if your active online. If you get bumped off line ck the log and see if there is a correspondence.
Also it could be from banner ads.
I know it's irritating, I'm still in the "wonder if I should get paranoid stage" I had a couple PW stealing Trojans, today I called my bank and there was a charge pending on my credit card for $1.00. As though they were testing the water, needless to say that account is closed. Maybe I should move past the "wonder if I should get paranoid stage" and careen into the downright "whacked out horde supplies mode", Naaaaaaahhh to much effort. http://www.sysopt.com/forum/wink.gif

I like zone. But try to keep the size of the "IAM" file down. It has been up to 50mb+ on my sys. And as low as 1/2 a meg when its fresh. *****Never a new reason for paranoia, the old one stands, there are programmer back doors in most apps. And more than one so a few can be found and we all can sleep. I know I sleep. Usually. ;-p

Plus as far as Apnic and Hongkong are concerned. I traced a regular back to here company and even her desk on the company lan. Nope, I didn't complain to authorities, just let her know that I knew. ;-p

Cryptic, I just started using ZoneAlarm a few weeks ago, and maybe I haven't got a good handle on it yet...but, what is an "IAM" file?. Something you created?...its not a part of Zone that I can find here on my machine... clue me in willya?..Tanks

Sorry. "IAM" is zonealarms IAMDB.RDB file. I'm not sure what its all about. Building inf from .5mb to over 50 mb on my winME. But I do know of some people that like to think of it as a hole in the zonealarm wall.

if i recall..netbios is usually ports 136 to 139 and an attempt to access files. I have one book I call my Project Blue Book. And in there I have logged 12 cable netbios access attempts and 9 other in the past 7 days. And thats only the one category. The FTP & TCP Ident and Ping (ICMP) etc. They keep me entertained at night. ;-p I really believe if you have zonealarm configured and tested at grc or sygate. It's the best software firewall I have tried out so far.

What's grc and sygate?

GRC is Steve Gibson's Research Company www.grc.com (http://www.grc.com)

Steve is very heavy into computing security and has some nice programs for security and testing of your security.

It's well worth your time to check it out and run "Shields Up".

Harder

Regarding the Zone Alarm blocks, I know There is aleast one program that web sites use to track visitor's to there sites. I can't remember the name of it off hand but I do remember reading that it will access your ststem and retrieve data about who you are, your ISP and other vitals about you.

This could be one reason why there are so many ZoneAlarm alerts.

I will try to find out what that software is called and post it.

I also love this scanner: http://scan.sygatetech.com/

I received an e-mail from Steve Gibson at GRC last night http://www.sysopt.com/forum/smile.gif and this will give you an idea of what Steve and GRC are up to and into. (This is only a portion of the e-mail.)

Harder

__________________________________________________ _______________
New freeware utility developed and released:
"PATCHWORK"
__________________________________________________ _______________

As you may recall, the last eMail from me was the early December
announcement of the new "LeakTest" personal firewall leakage
tester. Thanks to your support, 775,778 copies have been
downloaded ... and all major firewall vendors have updated their
products to plug their leaks. In the future, a next generation
of LeakTest will highlight additional problem areas in personal
computing firewalls.
So what is PATCHWORK ??
Last Thursday (March 8th) the United States Federal Bureau of
Investigation -- the FBI -- announced that the Windows NT and
Windows 2000 Internet web servers belonging to at least 40
prominent eCommerce companies have been systematically broken
into by Eastern European hackers. After having their private
customer credit card data stolen, the companies were financially
extorted under the threat of public disclosure of their customers'
data. More than one million credit card purchasing records have
been stolen. You can read the full FBI press release here:
<http://grc.com/pw/FBIannouncement.htm>
Shortly before the FBI's public announcement, I was contacted by
people in Washington and asked if I could produce a utility to
instantly determine whether a Windows NT or 2000 Internet server
was vulnerable to these attacks, and to search the server for any
evidence of previous penetration. The FBI provided all of the
specific details required, so I quickly created my latest
freeware: "PatchWork" (just 30k bytes).
PatchWork is ONLY useful for users running Windows NT or 2000
-- so I know that it will not be of interest to everyone -- but I
wanted you to know that it exists. If you, or anyone you know,
ARE using any version of Windows NT or 2000, you really should
check out PatchWork! It is opening MANY people's eyes ...
<http://grc.com/pw/patchwork.htm>

Cryptic, In reguards to your Iamdb.rdb gaining MB's--You have to delete the three files in C:\WINDOWS\Internet Logs, they are corrupted if you are having this problem. I run Zone Alarm Pro with BID and that file never gets larger than 588kb. You don't have to do a uninstall of the program just delete the three files found in the above mentioned directory and that should solve the problem. I have heard of other's having this same problem. You will have to reconfigure your settings and reset permissions is all. Hope that helps.