  #1 (permalink)  
Old 23rd September, 2001, 07:15 AM
Banned
 
Join Date: September 2001
Posts: 5,957

Zonealarm working...

Maybe someone could explain what the [TCP Flags: S] thing means below, never saw this before.

Quote:
The firewall has blocked Internet access to your computer (NetBIOS Session) from 66.66.228.151 (TCP Port 3474) [TCP Flags: S].

Time: 9/22/2001 12:14:38 PM


This is from the zonealarm on my webserver, which hosts IIS and directory browsing (Nimda ate it during lunch Tuesday). Nothing's getting in now thanks to ZA.
__________________
  #2 (permalink)  
Old 23rd September, 2001, 02:01 PM
Phiber's Avatar
Member
 
Join Date: September 2001
Location: NYC,USA
Posts: 1,611
Send a message via ICQ to Phiber Send a message via AIM to Phiber

Re: Zonealarm working...

Quote:
Originally posted by Pinky
Maybe someone could explain what the [TCP Flags: S] thing means below, never saw this before.



This is from the zonealarm on my webserver, which hosts IIS and directory browsing (Nimda ate it during lunch Tuesday). Nothing's getting in now thanks to ZA.
nimda got ya??
__________________
Folding :
XP 2500+@ 2.2Ghz
XP 1800+
  #3 (permalink)  
Old 23rd September, 2001, 09:40 PM
Maddman's Avatar
Member
 
Join Date: September 2001
Location: Orlando Florida
Posts: 65
Send a message via ICQ to Maddman

[TCP Flags: S]
TCPFlags

There are six TCP flags. They are:

URG - urgent pointer is valid
ACK - acknowledge data received (set in all packets but first)
PSH - push data to app
RST - reset connection (hard close)
SYN - connection request (& returned by server w/ ack to accept)
FIN - end connection (normal close)

The flag as noted in the log file is the first letter of the flag abbreviation. Therefore, "AP" means ACK plus PSH, "S" means SYN.

Hope this helps
__________________
" TANSTAAFL "

"Intel Inside" is a Government Warning required by Law

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT/O d- s+:++ a C+++ U-- P L E? W++ N++ o-- K++ w++ O+ M- PS+ PE Y+ PGP- t 5+
X R++ tv++ b+++ DI++ D- G e h+ r-- y?
------END GEEK CODE BLOCK------
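The first-letter notation from the post above, applied to the alert quoted at the top of the thread. This is an added example, not part of the original thread or of ZoneAlarm; the function names, the regular expression and the second sample line are assumptions made for illustration.

```python
import re

# Letter -> flag name, following the first-letter convention in the post above.
FLAGS = {"U": "URG", "A": "ACK", "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}

# Matches the "from <ip> (TCP Port <n>) [TCP Flags: <letters>]" part of an alert.
ALERT_RE = re.compile(
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) \(TCP Port (?P<sport>\d+)\)"
    r" \[TCP Flags: (?P<flags>[A-Z]+)\]"
)

def decode_flags(letters):
    """Expand a flag string such as 'AP' into ['ACK', 'PSH']."""
    unknown = [c for c in letters if c not in FLAGS]
    if unknown:
        raise ValueError("unknown flag letter(s): " + "".join(unknown))
    return [FLAGS[c] for c in letters]

def describe(flags):
    """Summarise what a flag combination says about the blocked packet."""
    s = set(flags)
    if "SYN" in s and "ACK" not in s:
        return "connection request (first packet of a handshake)"
    if "SYN" in s and "ACK" in s:
        return "reply accepting a connection request"
    if "RST" in s:
        return "reset (hard close)"
    if "FIN" in s:
        return "normal close"
    return "traffic on an existing connection"

def parse_alert(line):
    """Return source, source port, flags and meaning, or None if no match."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    flags = decode_flags(m.group("flags"))
    return {"src": m.group("src"), "sport": int(m.group("sport")),
            "flags": flags, "meaning": describe(flags)}

# Alert text as quoted in the first post of this thread.
PAGE_ALERT = ("The firewall has blocked Internet access to your computer "
              "(NetBIOS Session) from 66.66.228.151 (TCP Port 3474) [TCP Flags: S].")
# Constructed sample (documentation address), not taken from a real log.
CONSTRUCTED_ALERT = ("The firewall has blocked Internet access to your computer "
                     "(HTTP) from 192.0.2.10 (TCP Port 1042) [TCP Flags: AP].")

if __name__ == "__main__":
    for alert in (PAGE_ALERT, CONSTRUCTED_ALERT):
        print(parse_alert(alert))
```
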
  #4 (permalink)  
Old 24th September, 2001, 01:42 AM
-=HN=- Wild9's Avatar
Member
 
Join Date: September 2001
Location: Greensboro, North Carolina
Posts: 18
Send a message via ICQ to -=HN=- Wild9

hell i get that tcp flag s thing every time zonealarm pops up an alert
could not figure it out so i just did whois on everybody till i got bored with that, now i just ignore them all
if nimda gets me, well i have a good reason to quit being lazy and go back to win98se
or xp

just not win2k anymore
__________________
Celeron 900mhz @ 1.2ghz 133 fzb
384 megs pc 133 Sdram
Geforce 2 mx 400 64 megs Sdram
30 gig maxtor hd
16x dvd rom
soyo 71s2 mobo


"Forget Mhz, I Want Gigaflops!"
  #5 (permalink)  
Old 24th September, 2001, 02:39 AM
Maddman's Avatar
Member
 
Join Date: September 2001
Location: Orlando Florida
Posts: 65
Send a message via ICQ to Maddman

Here is a site with software to help you make heads or tails of your zone alarm log http://zonelog.co.uk/
__________________
" TANSTAAFL "

"Intel Inside" is a Government Warning required by Law

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT/O d- s+:++ a C+++ U-- P L E? W++ N++ o-- K++ w++ O+ M- PS+ PE Y+ PGP- t 5+
X R++ tv++ b+++ DI++ D- G e h+ r-- y?
------END GEEK CODE BLOCK------
  #6 (permalink)  
Old 24th September, 2001, 03:54 AM
Banned
 
Join Date: September 2001
Posts: 5,957

Thanks, my interpretation is the S is a server attempt, and being that I only noticed them recently, I think it's IIS infected servers in my subnet (and elsewhere, but mostly those nearby) trying to reach out and touch someone (which is how I got infected in the first place and ended up finally installing ZA).

I should add I had to reformat and start anew, and some past problems are no more since the reinstall... so I'm cleaned.
__________________

Last edited by Pinky; 24th September, 2001 at 04:01 AM.