Zone Alarm Settings and Traffic Question
Results 1 to 8 of 8

Thread: Zone Alarm Settings and Traffic Question

  1. #1
    Join Date
    Feb 2022
    Posts
    6

    Zone Alarm Settings and Traffic Question

    I've used ZoneAlarm for quite some time now and about 1.5 months ago reinstalled Windows and ZA. As far as I'm aware, I used the same settings as I always have, but checked the Firewall log the other day for probably the first time since reinstall and noticed traffic I hadn't ever seen before. Most of it seems to be multicast traffic from devices like Xbox One and Smart TVs on my network. Like, I'll see incoming traffic from them going to 224.0.0.1, 224.0.0.251 and 239.255.255.250. on ports 5355, 5355 or 1900. I also see traffic from my computer's IP directed towards my router and 224.0.0.251 on port 5353. From what I have read this is normal traffic when devices are announcing themselves and trying to find others, but I haven't seen multicast traffic in the logs before. I am also seeing traffic from 0.0.0.0:68 directed to 255.255.255.255: 67. According to the more info page, this is a DHCP request for authentication and Zone Alarm settings blocking it. Seemingly related I am seeing traffic from my computer to 192.168.1.255(I think this is also the router) on port 137. The more info page says this is my computer attempting to renew its IP and Zone Alarm is blocking it. Also, I seebtraffic from my computer to 192.168.1.255 on port 68. The Zone Alarm more info page says this is blocked NetBios. Finally, I am seeing traffic from my router 192.168.1.1 adressed to port 80 on my computer. If it helps, I have Trusted and Public Zones set to high. IIRC I have always had them set to high and have never had to manually add IPs to zones. Is there some setting I'm missing that is causing what I'm seeing in the logs?
    Last edited by Plorp; February 13th, 2022 at 11:36 AM.

  2. #2
    Join Date
    Feb 2022
    Posts
    6
    I'm also seeing traffic from the router's IP, 192.168.1.1 directed towards 239.255.255.250 on port 1900. If it helps any, SSDP and Upnp are set to manual and not running.

  3. #3
    Join Date
    Feb 2022
    Posts
    6
    "Also, I seebtraffic from my computer to 192.168.1.255 on port 68. The Zone Alarm more info page says this is blocked NetBios" this parrt should read from my computer, from port 138 to 192.168.1.255 port 138. Also, I'm seeing blocked traffic from 192.168.1.1:138, my router to my computer in port 138. This part has me particularly concerned though. As the more info page says this is related to file sharing on the network. But it also said it's fine if it's local traffic. Since it originated from the router, that's ok, right?

    EDIT:
    I went to the details page after clicking more info and it said this may have also been due to a server on the network attempting to renew my IP adress. I assume this would be related to the router DHCP and the renewal I mentioned earlier?
    Last edited by Plorp; February 13th, 2022 at 12:24 PM.

  4. #4
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063

  5. #5
    Join Date
    Feb 2022
    Posts
    6
    Thanks for taking the time to share those links, jdc, though I was looking for information on Zone Alarm settings. I chatted with support via the Zone Alarm website, though, they didn't have much information for me other than uninstalling, running their clean tool and reinstalling. I was hoping they would have told me maybe the version I installed is known to have a bug in regards to settings or different traffic is handled differently now with different settings for zones. I guess I can give uninstalling a try.
    Last edited by Plorp; February 15th, 2022 at 10:41 AM.

  6. #6
    Join Date
    Feb 2022
    Posts
    6
    This may sound like a stupid question but, I remember a little over a week ago, I right clicked a video file I saved while playing a game. I noticed there was an option to cast to device and a smart TV on my network came up. Since I assume this is using SSDP, would this somehow be related to the multicast traffic I am now seeing in the firewall log?
    Last edited by Plorp; February 15th, 2022 at 11:44 AM.

  7. #7
    Join Date
    Feb 2022
    Posts
    6
    So, I combed through the archived firewall logs and it looks like this blocked traffic started showing up on the 7th of February. I'm still not entirely sure what caused it to be blocked in the first place(as the settings were setntonwhat I have always had them set to) but resetting the security settings to default through Tools> Preferences and then setting them back to what I always set them to seems to have fixed my issue. I'm no longer seeing the blocked traffic I had previously never seen.
    Last edited by Plorp; February 26th, 2022 at 11:09 AM.

  8. #8
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    There are some tools from NirSoft that might be useful in determining where traffic is originating from.

    https://www.nirsoft.net/utils/cports.html

    https://www.nirsoft.net/network_tools.html

    https://www.nirsoft.net/programmer_tools.html

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •