Windows NT logon Applcation - Zonealarm logs

My firewall keeps blocking attempts by this application made to
62.241.160.200:53

I initially thought someone was trying to hack me but doing a tracert
reveals it to be one of pipex's internal computers or something!

But when my firewall starts blocking attempts made to this address I cannot
browse the web using internet explorer or opera. However, bittorrent stills
continues to upload and download?

This only affects my laptop connectied to pipex using a usb modem. When I
use my desktop using an internal pci no problem exists and zonealarm doesn't
block any attempts by this application or to that ip address.

My desktop is using Windows XP Pro. My laptop is using Windows XP Home.

I'm connected to pipex solo 1mb and have had the service for nearly two and
half years and my IP hasn't changed once.

Can anybody shed some light?

Thankyou

Dan

On Mon, 30 Aug 2004 03:00 in uk.telecom.broadband, "Dan" wrote:

>62.241.160.200:53

port 53 is used for DNS lookups

>But when my firewall starts blocking attempts made to this address I cannot
>browse the web using internet explorer or opera. However, bittorrent stills
>continues to upload and download?

Never used bittorrent, but it must use particular IP addresses for some core
servers and assuming they hold lists of users by IP address, there would be
no DNS lookups (whereas www.bbc.co.uk being used would require a lookup,
and then fails if you stop any attempts on port 53). I cannot make a
suggestion for why your firewall is blocking that port and stopping
DNS lookups. Incidentally, a friend has had something similar happen, in
so far as no DNS lookups are working, though it is unclear why port 53 is
being blocked... we can run nslookup on the command line and it works OK.

On 30 Aug 2004 in uk.telecom.broadband, I wrote:

>we can run nslookup on the command line and it works OK.
should clarify - it worked OK when some server was set up by
IP address. More testing needed methinks :-) PeterM

http://www.counterhack.net/you_ve_been_hacked_.html

Scroll to near the bottom. This information is scaring me a bit!

Dan

"poster" <us-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On 30 Aug 2004 in uk.telecom.broadband, I wrote:
>
> >we can run nslookup on the command line and it works OK.
> should clarify - it worked OK when some server was set up by
> IP address. More testing needed methinks :-) PeterM

On Mon, 30 Aug 2004 03:24:50 +0100, in uk.telecom.broadband,
"Dan" <(E-Mail Removed)> wrote:

>http://www.counterhack.net/you_ve_been_hacked_.html
>
>Scroll to near the bottom. This information is scaring me a bit!

That weboage included use of 53 to generate additional traffic from a
keystroke logger.. in our case, attempts to do a lookup failed.. so
not sure that is relevant.

Using anything like ' ping www.bbc.co.uk ' or any domain name in the
browser would fail. Using nslookup at the command line, then manually
setting it to use a specific server (giving the IP address of a known
server, not attempting using a 'name') allowed lookups to work. Turned
the firewall off, and ping/browser still failed to do any lookups

On Mon, 30 Aug 2004 05:08:52 +0100, poster wrote:

> On Mon, 30 Aug 2004 03:24:50 +0100, in uk.telecom.broadband,
> "Dan" <(E-Mail Removed)> wrote:
>
>>http://www.counterhack.net/you_ve_been_hacked_.html
>>
>>Scroll to near the bottom. This information is scaring me a bit!
>
> That weboage included use of 53 to generate additional traffic from a
> keystroke logger.. in our case, attempts to do a lookup failed.. so
> not sure that is relevant.
>
> Using anything like ' ping www.bbc.co.uk ' or any domain name in the
> browser would fail. Using nslookup at the command line, then manually
> setting it to use a specific server (giving the IP address of a known
> server, not attempting using a 'name') allowed lookups to work. Turned
> the firewall off, and ping/browser still failed to do any lookups

How did you turn the firewall off? If you just shutdown the systray GUI,
that doesn't disable ZA and you need to uncheck the 'Load ZA at startup'
option and reboot to disable it.

If this is the free version you're running then you might need to add your
ISPs DNS/DHCP server(s) to your trusted zone, open the ZA GUI hit F1 and
search for 'heartbeat' and that should describe what you need to know.

Regards

Bill

On 30 Aug 2004 in uk.telecom.broadband, phoenix wrote:

>How did you turn the firewall off? If you just shutdown the systray GUI,
>that doesn't disable ZA and you need to uncheck the 'Load ZA at startup'
>option and reboot to disable it.

Bill - it is Tiny Personal Firewall. Turned off it really is *off*

On Mon, 30 Aug 2004 13:22:51 +0100, poster wrote:

> On 30 Aug 2004 in uk.telecom.broadband, phoenix wrote:
>
>>How did you turn the firewall off? If you just shutdown the systray GUI,
>>that doesn't disable ZA and you need to uncheck the 'Load ZA at startup'
>>option and reboot to disable it.
>
> Bill - it is Tiny Personal Firewall. Turned off it really is *off*

Oh, sorry. I was assuming you were also using ZA as that's what the o/p was
asking about.

Regards

Bill

"phoenix" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 30 Aug 2004 05:08:52 +0100, poster wrote:
>
> How did you turn the firewall off? If you just shutdown the systray GUI,
> that doesn't disable ZA and you need to uncheck the 'Load ZA at startup'
> option and reboot to disable it.

Are you sure about that? I've just tried shutting down ZA and I can't
identify any associated processes still running.

Andy