Zone Alarm high alert: what is the nature of 192.168.1.104?
19 years 10 months ago #6542
by saidfrh
IP 192.168.1.104 from several ports has set off high alert on the Zone Alarm. How can I find where 192.168.1.104 is coming from?
The following is a high Alert log from Zone Alarm log viewer. The PC has an IP of 192.168.1.102; the default gateway (Linksys DSL router) is 192.168.1.1. The rest of the computers are turned off. I cannot ping 192.168.1.104, which triggered the high alert. How can I find out where the 1.104 is coming from and its nature?
Thanks.
Rating High
Protocol Source Destination
TCP (flag:S) 192.168.1.104:1353 192.168.1.102:139
:1175
:1091
1135
19 years 10 months ago #6559
by sLz
Replied by sLz on topic Re: Zone Alarm high alert: what is the nature of 192.168.1.104?
Good question saidfrh. Seeing as how nobody's replied, I'll start it off hopefully, by giving a naif reply. Perhaps it's your MODEM's HFC IP doing something like trying to access its TFTP server, however the data is strangely being sent over the ethernet port instead of Coax/Fibre channel leading all the way back to your ISP...? I have no idea, just a maybe. *Hides in a corner and awaits criticism*.
19 years 10 months ago #6566
by cybersorcerer
Replied by cybersorcerer on topic Re: Zone Alarm high alert: what is the nature of 192.168.1.104?
I promise I won't criticize you. Anyways, from what I see, the IP address you are seeing must either originate from your internal network (it being inside the reserved address space) or it is being spoofed. It seems that whatever the host is querying is your NetBIOS port on your computer and trying to establish a TCP connection and your computer is obviously denying or dropping the connection.
So I ask you this: are you sharing any files or folders on your private network? Are you perhaps using wifi (could be a wardrive trying to access your internal network that happens to deny echo_requests (ping))? Have you tried checking what computers are participating in your Windows network by using the "net view" command in the cmd prompt? Also try scanning the suspected computer with something other than ping... try the Windows port of nmap... unless you got a Linux box. If you need any more help, come up with a solution or discover information, feel free to post it.
"He who breaks something to find out what it is, has left the path of wisdom."
Gandalf the Grey
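An added example, not part of any post in this thread: a small triage script that checks whether each alerting source lies on the local subnet and whether the PC's ARP cache holds a hardware address for it. The alert lines and the `arp -a` output are constructed samples (the extra source ports, the destination port on every line and the MAC addresses are assumptions), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of the log in the first post.
ALERTS = """\
TCP (flag:S) 192.168.1.104:1353 192.168.1.102:139
TCP (flag:S) 192.168.1.104:1175 192.168.1.102:139
TCP (flag:S) 192.168.1.104:1091 192.168.1.102:139
"""

# Constructed `arp -a` output; MACs are from the documentation range.
ARP_OUTPUT = """\
Interface: 192.168.1.102 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.104         00-00-5e-00-53-68     dynamic
"""

ALERT_RE = re.compile(r"^(\w+) \(flag:(\w+)\) ([\d.]+):(\d+) ([\d.]+):(\d+)$")
ARP_RE = re.compile(r"^\s*([\d.]+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s", re.I)

def parse_arp(text):
    """Return {ip: mac} for every entry line of `arp -a` style output."""
    hits = (ARP_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).lower() for m in hits if m}

def triage(alerts, arp_text, local_net="192.168.1.0/24"):
    """Summarise alert sources: same subnet? ARP entry? which ports?"""
    net = ipaddress.ip_network(local_net)
    arp = parse_arp(arp_text)
    report = {}
    for line in alerts.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # skip headers and malformed lines
        _proto, flags, src, sport, _dst, dport = m.groups()
        entry = report.setdefault(src, {
            "on_local_subnet": ipaddress.ip_address(src) in net,
            "mac": arp.get(src),  # None: no ARP entry was cached for this IP
            "src_ports": set(), "dst_ports": set(), "syn_only": True})
        entry["src_ports"].add(int(sport))
        entry["dst_ports"].add(int(dport))
        entry["syn_only"] = entry["syn_only"] and flags == "S"
    return report

if __name__ == "__main__":
    for ip, info in triage(ALERTS, ARP_OUTPUT).items():
        print(ip, info)
```

If the ARP cache holds a MAC for the alerting address, a device on the local segment is using that IP even though it ignores ping, and the MAC can be compared with the router's list of DHCP clients.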