Posted by Ansgar -59cobalt- Wiechers on November 27, 2006, 7:49 pm
> My son came home from college using his laptop on my network with a
> Netgear router. Now I regularly get this alert:
>
> "ZoneAlarm blocked traffic to port 2869 on your machine from port 1077
> on a remote computer whose IP address is 192.168.1.1. This
> communication attempt may have been a port scan, or simply one of the
> millions of unsolicited commercial or network control messages that
> are routinely sent out over the Internet. Such unsolicited messages
> are often called Internet background noise."
>
> It's being stopped which is good but 192.168.1.1 is my router's
> address.
>
> What do I do?

Inspect the traffic with a sniffer (e.g. Wireshark [1]) to find out
what's the payload of these packets. It should suffice if you install
the sniffer on the same machine ZA is installed on, but in case it
doesn't you have to tap the wire.

Also check the configuration of your router. Any port-forwardings? Is
the firmware up-to-date? Run a portscan against the router (from the
outside) to check if there are any ports open on the external interface.
Netgear routers have become infamous for being vulnerable.

[1] http://www.wireshark.org/

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
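
The payload inspection suggested in the reply above, as an added example that is not part of the original post: a Python function that pulls the TCP payloads sent from the router's address to port 2869 out of a capture saved in classic pcap format (Ethernet, IPv4). The function names, the destination address 192.168.1.2 and the sample packet are assumptions constructed for illustration.

```python
import socket
import struct

def tcp_payloads(pcap, src_ip, dst_port):
    """Return TCP payloads sent from src_ip to dst_port in a classic pcap (Ethernet, IPv4)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    found, off = [], 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or not IPv4
        ip = frame[14:]
        if ip[9] != 6 or socket.inet_ntoa(ip[12:16]) != src_ip:
            continue  # not TCP, or not from the address of interest
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # trim Ethernet padding
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != dst_port:
            continue
        data = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header and options
        if data:
            found.append(data)
    return found

def build_sample():
    """Constructed one-packet capture, not traffic from the thread."""
    data = b"constructed sample payload"
    # 192.168.1.1:1077 -> 192.168.1.2:2869; the .2 address is an assumption
    tcp = struct.pack("!HHIIBBHHH", 1077, 2869, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.1"), socket.inet_aton("192.168.1.2"))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp  # checksums left at 0
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    for payload in tcp_payloads(build_sample(), "192.168.1.1", 2869):
        print(payload[:64])
```

To use it on a real capture, pass the bytes of a file saved as classic pcap (not pcapng) instead of `build_sample()`.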