Sparda, posted March 31, 2006:
I ask because well... check out my blog. Who else has noticed any suspicious activity?

melodic, posted March 31, 2006:
i use it, but what do u mean? zone alarm phoning home??

Sparda (Author), posted March 31, 2006:
Essentially yes, but it's what it might be sending home that is worrying.

melodic, posted March 31, 2006:
> Essentially yes, but it's what it might be sending home that is worrying.

yehh =| any other open source firewalls? so we can dump ZA

Sparda (Author), posted March 31, 2006:
> > Essentially yes, but it's what it might be sending home that is worrying.
>
> yehh =| any other open source firewalls? so we can dump ZA

Agreed, but I really do need outbound control, and ZA Pro (at least) offers what I have found to be the best.

melodic, posted March 31, 2006:
yeah me 2. i wonder if someone has a hacked version of ZA so it doesn't phone home :S

melodic, posted March 31, 2006:
bit of googling

> No phoning home
> By Paul Hales: Friday 10 February 2006, 09:36
>
> JIM BORCK of Infoworld having originally caught Zone Alarm 'phoning home', was kind enough to send us the following work-around to stop the firewall connecting to four remote servers for whatever reason. Jim's fix is better than the one we suggested previously, as it only blocks Zone Alarm's connections to those servers which do only Zone Labs knows what. To implement the fix, add the following to your Hosts file:
>
>     127.0.0.1 cm2.zonelabs.com
>     127.0.0.1 hs2.zonelabs.com
>     127.0.0.1 ls2.zonelabs.com
>     127.0.0.1 pa2.zonelabs.com
>
> Thanks Jim. µ

http://www.theinquirer.net/?article=29616

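A way to check that the four Hosts-file entries quoted above are actually in effect, added here as an example that is not part of the thread or the quoted article. The sample file contents, the 192.168.0.10 address and the function names are constructed for illustration; the four hostnames are the ones from the article.

```python
import ipaddress

# The four hostnames listed in the quoted work-around.
TARGETS = ["cm2.zonelabs.com", "hs2.zonelabs.com",
           "ls2.zonelabs.com", "pa2.zonelabs.com"]

# Constructed sample hosts file, not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    cm2.zonelabs.com hs2.zonelabs.com   # two names on one line
127.0.0.1    LS2.ZoneLabs.com
192.168.0.10 pa2.zonelabs.com   # points at a local web server instead
127.0.0.1    zonelabs.com       # exact match only, subdomains not covered
"""

def parse_hosts(text):
    """Return {hostname: [addresses]} for every valid line in a hosts file."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed address: skip line
        for name in fields[1:]:                    # a line may carry aliases
            mapping.setdefault(name.lower().rstrip("."), []).append(addr)
    return mapping

def audit(text, targets=TARGETS):
    """Classify each target as 'sinkholed', 'missing' or 'redirected to ...'."""
    mapping = parse_hosts(text)
    report = {}
    for name in targets:
        addrs = mapping.get(name.lower(), [])
        if not addrs:
            report[name] = "missing"
        elif all(a.is_loopback or a.is_unspecified for a in addrs):
            report[name] = "sinkholed"
        else:
            report[name] = "redirected to " + ", ".join(str(a) for a in addrs)
    return report

if __name__ == "__main__":
    for host, status in audit(SAMPLE_HOSTS).items():
        print(f"{host:20} {status}")
```

The hosts file has no wildcard syntax, so an entry for zonelabs.com alone leaves all four subdomains resolvable; the audit reports them as missing in that case.
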
Sparda (Author), posted March 31, 2006:
Yes, that's how I blocked ZA from accessing zonelabs.com (if you had read my blog carefully enough you would have seen that ;)), and that's what led me to finding that registar.asp entry, because instead of setting the DNS entry to point to nowhere, it points to my web server...

melodic, posted March 31, 2006:
ok cool so is that now ZA blocked from phoning home??

Sparda (Author), posted March 31, 2006:
yes, but I'm more worried as to why it did this, if it's sending data that it shouldn't then it could easily be classed as spyware.

Sparda (Author), posted March 31, 2006:
I've decided to give it some Ethereal age and try and find out what data it's trying to send.

melodic, posted March 31, 2006:
nice one mate cool. u got msn? sorry i didn't reply quicker, went down the shop 2 get some dr pepper and cadburys cream eggs :D:D:D

Sparda (Author), posted March 31, 2006:
OMG! Things have got worse, and what's worse, something else suspicious is happening! First off, even when ZoneAlarm is OFF, completely OFF, my computer still keeps querying my DNS server for Zonelabs.com! And what's worse, every so often my computer keeps sending a TCP packet or two to an IP address somewhere in Russia, notably it was on a BitTorrent port, but when I "collected" these packets BitTorrent was thoroughly off and my BitTorrent port range on my router was closed! I'm going to perform further tests and see what happens.

melodic, posted March 31, 2006:
...BAM!...shit that's bad...wow Russia

Sparda (Author), posted March 31, 2006:
The traffic to that IP on the BitTorrent port has ceased (residual traffic???), but why was it there when BitTorrent was off and ports on router were closed? I admit now that my reaction was a bit over the top (I'm not afraid to admit when I get things wrong), it turns out that the queries were not DNS queries but NBNS (NetBIOS naming service) queries, but why is Windows trying to use NBNS to resolve zonelabs.com?

plumbee, posted March 31, 2006:
Hey,

My suggestion is to try and find out a few more facts before jumping to conclusions. If you can "sniff the line" (a skill I don't have - yet) and build a profile of what your actions cause ZA to do, you will know if it is dialing home or just "auto-updating" or whatever.

A few other things to try might be to use some of the Sysinternals tools (tcpmon, diskmon come to mind) to see what program/process is triggering the network activity. Perhaps look at an outbound firewall connected to your NIC, I know some Nforce boards have them. I hear Kerio personal FW is good, but I use ZA now, but that may change....

Finally, just because a process is called "Zonealarm.exe" doesn't mean it is from ZA.... If I was going to write malware, I wouldn't call it malware.exe, but rather windowsupdate.exe or McAfee.exe or whatever.

Keep us informed, I will probably look at my install tonight..

moonlit, posted April 12, 2006:
grr... Sparda - would've checked out your blog, but I have IE atm, so no go... however, I read this thread with interest...

I've heard lots of funny things about ZA along my 'net travels, but I find it odd that no matter how many times I install ZA on my machine - it disappears... gone... no sign of it... however, even with no visible sign (no tray icon, no config windows etc... it appears to be uninstalled) it still seems to be active - I used it with my Win XP SP0 fw off because the XP fw was playing at blocking traffic, so I used ZA (which worked)... though since its mysterious disappearance it still seems to be working - and still with the configuration it was last set to - maybe I missed something and turned something off but I don't remember doing so and without touching any related settings after a totally normal reboot it just... well... disappeared... still, I guess since I don't use it any more it doesn't really matter lol...

I'd be interested to hear how your situation ends up though... if you find out what it's sending, do tell!