
TOPIC: Zone Alarm high alert: what is the nature of 192.168.1.104?

Zone Alarm high alert: what is the nature of 192.168.1.104? 11 years 11 months ago #6542

  • saidfrh
IP 192.168.1.104 from several ports has set off a high alert on Zone Alarm. How can I find where 192.168.1.104 is coming from?
The following is a high alert log from the Zone Alarm log viewer. The PC has an IP of 192.168.1.102; the default gateway (Linksys DSL router) is 192.168.1.1. The rest of the computers are turned off. I cannot ping 192.168.1.104, which triggered the high alert. How can I find out where the 1.104 is coming from and its nature?
Thanks.

Rating: High

Protocol      Source               Destination
TCP (flag:S)  192.168.1.104:1353   192.168.1.102:139
              :1175
              :1091
              1135

Re: Zone Alarm high alert: what is the nature of 192.168.1.104? 11 years 11 months ago #6559

  • sLz
Good question saidfrh. Seeing as how nobody's replied, I'll start it off hopefully, by giving a naif reply. Perhaps it's your MODEM's HFC IP doing something like trying to access its TFTP server, however the data is strangely being sent over the ethernet port instead of Coax/Fibre channel leading all the way back to your ISP...? I have no idea, just a maybe. *Hides in a corner and awaits criticism*.

Re: Zone Alarm high alert: what is the nature of 192.168.1.104? 11 years 11 months ago #6566

I promise I won't criticize you :-P Anyways, from what I see, the IP address you are seeing must either originate from your internal network (it being inside the reserved address space) or it is being spoofed. It seems that whatever the host is querying is your netbios port on your computer and trying to establish a TCP connection and your computer is obviously denying or dropping the connection.

So I ask you this: are you sharing any files or folders on your private network? Are you perhaps using wifi (could be a wardrive trying to access your internal network that happens to deny echo_requests (ping))? Have you tried checking what computers are participating in your windows network by using the "net view" command in the cmd prompt? Also try scanning the suspected computer with something other than ping... try the windows port of nmap.. unless you got a linux box ;-). If you need any more help, come up with a solution or discover information, feel free to post it :-)
"He who breaks something to find out what it is, has left the path of wisdom."

Gandalf the Grey