Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Zone Alarm high alert: what is the nature of 192.168.1.104?

Zone Alarm high alert: what is the nature of 192.168.1.104? 13 years 7 months ago #6542

  • saidfrh
  • saidfrh's Avatar Topic Author
  • Offline
  • Distinguished Member
  • Distinguished Member
  • Posts: 92
  • Thank you received: 0
Ip 192.168.1.104 from several ports has set off high alert on the Zone Alarm. How can I find where 192.168.1.104 is comming from?
The following is a high Alert log from Zone Alarm log viewer. The PC has an IP of 192.168.1.102; default gateway -linksys DSL router is 192.168.1.1 . The rest of computers are turned off. I can not ping 192.168.1.104, which triggered the high alert. How can I find out where the 1.104 is coming from and its nature?
Thanks.

Rating High

Protocol Source Destination
TCP (flag:S) 192.168.1.104:1353 192.168.1.102:139
:1175
:1091
1135

Re: Zone Alarm high alert: what is the nature of 192.168.1.104? 13 years 7 months ago #6559

  • sLz
  • sLz's Avatar
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 38
  • Thank you received: 0
Good question saidfrh. Seen as how nobody's replied, I'll start it off hopefully, by giving a naif reply. Perhaps it's your MODEM's HFC IP doing something like trying to access its TFTP server, however the data is strangly being sent over the ethernet port instead of Coax/Fibre channel leading all the way back to your ISP...? I have no idea, just a maybe. *Hides in a corner and awaits criticism*.

Re: Zone Alarm high alert: what is the nature of 192.168.1.104? 13 years 7 months ago #6566

I promise I wont criticize you :-P Anyways, from what I see, the IP address you are seeing must either originate from your internal network(it being inside the reserved address space) or it is being spoofed. It seems that whatever the host is querying is your netbios port on your computer and trying to establish a TCP connection and your computer is obviously denying or dropping the connection.

So I ask you this, are you sharing any files or folders on your private network? are you perhaps using wifi(could be a wardrive trying to access your internal network that happens to deny echo_requests(ping))? have you tried checking what computers are participating in your windows network by using the "net view" command in the cmd prompt? Also try scanning the suspected computer with something other then ping... try the windows port of nmap.. unless you got a linux box ;-). If you need anymore help, come up with a solution or discover information feel free to post it :-)
  • Page:
  • 1
Time to create page: 0.129 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup