Re: Level One firewall leaks?

level13@gmail.com wrote:
> I've noticed lately that my Zone Alarm has been showing entries in its
> firewall log that shouldn't be there. Namely, it blocks attempts from
> outside IPs to connect to ports such as 1300, 3155, 1904, 4759, 3618,
> 2997, 3029, 1366, 3286, 3357, 4590... With Zone Alarm being just the

Define outside IP, give sample. Is there any other computer connected to
same router.

> "second line of defense" this seems kind of weird. The first line of
> defense is a (wired) LevelOne router/firewall, and none of the
> aforementioned ports is forwarded to the computer (I even have UPnP
> turned off).

Recheck router settings: DMZ, Port Forwarding, Port Triggering, UPnP.
Did you change the way you connect to internet. If you use connection
from your computer, then ZA is first and only line of defence, NAT and
router firewall is by-passed.

> Can someone explain to me what's wrong here and why these ports are
> coming through? Is it just a lousy firewall within the Level One router
> (but then again, how come there were no attempts like this before), or
> maybe some hackers' workarounds, or false routing within my network...
>

ZA is not good choice in LAN. Sometime it just misconfigures. I use it
too (Application and outbound communication control). Check is your LAN
still in trusted zone in ZA, recheck all. Sometime ZA is almost
impossible to be configured in LAN, specially if ICS is used.

If NAT is properly configured, and there is no forwarded ports or
systems in DMZ, there should be no outside IPs. If there are, contact
techincal support.
Received on Mon May 1 01:07:58 2006