My reply posting has strangely been rejected twice by CGUYS so far...
I'll cc it to you Robert this time also...
-----------------------
I take it you are using AVG antivirus with the free ZA firewall?
Your ZA zone settings seem appropriate but you shouldn't use AVG if you
are using the ZA Security Suite which contains an antivirul program
Port 137 is Netbios NAME, 138 is Netbios DATAGRAM. Port 445 is SMB
(Server Message Block) over TCP or filesharing probably.
Do you do file sharing or printer sharing between your and your
daughter's two computers?
If not, you could disable File and Printer Sharing for Microsoft
Networks on the two machines and the NetBIOS activity that ZA is picking
up should go away. It will make your computers less susceptible to
exploits also.
(You should never have this running on laptops that visit external
networks because you would be setting yourself for trouble)
(To turn it off: Go to My Network Places/ View Network Connections/
Local Area Connection / Properties / take the check out of File and
Printer Sharing for Microsoft Networks and restart computer).
db
Robert wrote:
Thank you for the detailed information.
Here is the info:
My computer: ipaddress 192.168.1.3; subnet mask 255.255.255.0; default
gateway 192.168.1.1
Daughter's computer ipaddress 192.168.1.2; other addresses same.
Looking at ZoneAlarm Log Viewer on my computer, each instance is either
my computer trying to connect to my daughter's computer thru ports 139
or 138, or daughter's computer trying to connect to my computer on ports
138 or 445. There are also a few pings received from daughter's
computer. All are shown to have medium or high risk, but the
explanation message says that there is nothing to worry about. I have
added one instance to the trusted zone in an attempt to eliminate the
messages.
The Internet Zone security is set to high, the trusted zone security is
set to medium.
Daughter plays games on the web, so I ran both Spybot & Lavasoft on her
computer and removed several hundred items found. Don't know if any of
these were dangerous nor that any of them was causing the ZoneAlarm
message. Both our computers have AVG and ZoneAlarm.
db wrote:
A router typically only provides a NAT firewall... the most rudimentary
type of firewall ... one that is not difficult to get around. Creating
a layered defense by also using a software firewall on your computer is
accepted best practice.
NetBIOS provides windows file and printer sharing services but can be
used for exploits. It could be that your other computer has been
compromised and is "recruiting"
You can learn more about the messages by bringing up ZA's control panel
and going to: Alert and Logs/ Log Viewer/ and click on one of the logged
alerts and then click on "More info" and then each of the 4 tabs offered
there: Overview, Technical Info, Details and Hacker ID. Zone Alarm is
particularly good at explaining things if you use these tools.
Compare that info with what you learned about your computer's IP
addresses by doing the suggested Run/ cmd / ipconfig on all of your
computers and you should have more of an idea of what is going on.
I'll be curious to know what you find out...
Also let us know what level of defense your Zone Alarm is set for the
"Internet Zone" and the "Trusted Zone"
db
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
