kgeissler 0 Posted December 20, 2001
Here is an event I have in my Zone Alarm Pro log:
The firewall has blocked Internet access to your computer (UDP Port 7062) from 204.127.202.4 (DNS).
Why would Zone Alarm block this? Any idea?
clutch 1 Posted December 20, 2001
Well, I am not familiar with that port number (you can check out port listings here for more info) and DNS resolution is normally hosted on port 53. But, in general, you don't want any external traffic to look to your network for name resolution if you have DNS servers that are only meant for your network. Now, if you were hosting your own Name Servers for external resolution of subdomains for your TLD, that would be a different story. But, it sounds like you aren't, so I wouldn't let them in anyway.
Palos 0 Posted December 20, 2001
Maybe you were portscanned and the firewall detected that and automatically blocked the IP. However, the attacker can spoof his IP and hide behind your provider's DNS, therefore locking you out of the Internet, lol. I don't think that's the case, but maybe the NetBIOS name of that IP address IS actually DNS, lol too.
ryoko 0 Posted December 30, 2001
I would guess a port scan. Look at how high the origin port number is. Typically a PC will increment the port number for nonstandard TCP/IP processes. For example, if I ran a particular network app 4 times, the first use may use an outgoing port of say 4010, the second 4011, the third 4012 ... get the idea. Now that is just the origin port on my PC. If I were using a generic service, like FTP, then the destination port would be 21 in all the above examples. There are many exceptions to this, as a lot of software is made to use a specific port even for outgoing transmissions. Well, I hope this helped a little.
-RY