Ip 192.168.1.104 from several ports has set off high alert on the Zone Alarm. How can I find where 192.168.1.104 is comming from?
The following is a high Alert log from Zone Alarm log viewer. The PC has an IP of 192.168.1.102; default gateway -linksys DSL router is 192.168.1.1 . The rest of computers are turned off. I can not ping 192.168.1.104, which triggered the high alert. How can I find out where the 1.104 is coming from and its nature?
Good question saidfrh. Seen as how nobody's replied, I'll start it off hopefully, by giving a naif reply. Perhaps it's your MODEM's HFC IP doing something like trying to access its TFTP server, however the data is strangly being sent over the ethernet port instead of Coax/Fibre channel leading all the way back to your ISP...? I have no idea, just a maybe. *Hides in a corner and awaits criticism*.
Re: Zone Alarm high alert: what is the nature of 192.168.1.104?
14 years 2 weeks ago #6566
I promise I wont criticize you :-P Anyways, from what I see, the IP address you are seeing must either originate from your internal network(it being inside the reserved address space) or it is being spoofed. It seems that whatever the host is querying is your netbios port on your computer and trying to establish a TCP connection and your computer is obviously denying or dropping the connection.
So I ask you this, are you sharing any files or folders on your private network? are you perhaps using wifi(could be a wardrive trying to access your internal network that happens to deny echo_requests(ping))? have you tried checking what computers are participating in your windows network by using the "net view" command in the cmd prompt? Also try scanning the suspected computer with something other then ping... try the windows port of nmap.. unless you got a linux box . If you need anymore help, come up with a solution or discover information feel free to post it
"He who breaks something to find out what it is, has left the path of wisdom."