Error Code Advice

[ali-cat]

I'm really hoping that one of the, very knowledgable, computer buffs on the forum can help us with a query. 

We have Zonelarm (Firewall) and Avast (Antivirus) on our laptop.  Both are the free download versions.  While accessing the internet Zonealrm gave the message 'The firewall has blocked Internet access to 192.168.0.1 (DNS) from your computer'.  The only further explanation was 'Zonealarm prevented your computer from accessing port 53 on a DNS server'. 

This message has started appearing recently and appears a number of times per day.

Could anyone please advise what this message means and whether we should be concerned?  I'd also be grateful for advice on whether these freeware applications provide sufficient security or should we invest in a more robust package?

Many thanks

 

 

[thunderhorse]

That's computers for you! [:P]

A bit more info may help. Which OS? Assuming Windows, then likely you'll have Windows firewall set, even if it's just to stop annoying popup reminders. More than one firewall running can give errors.

The IP address may be that of yourself. Do you know if you're getting a dynamic or static address from your ISP? What sort of Internet connection do you have - dial-up, broadband, through a router?

Freeware apps can be absolutely fine. Unless you've got real concerns, stick to the inbuild firewall, and as for anti-virus - get AVG free edition from grisoft.com. Most people I know use it.

The other thing you could try is Xoftspy - this is anti-spyware which will run and update every day. You'll be surprised at the crapola on your system and the errors that it generates.

OR, dump Windows and get a Linux package...

Hope that helps. [:D]

[ali-cat]

Many thanks TH.

The OS is Windows XP home edition.  As far as I can tell the windows firewall is disabled as Zonealarm is running.  Don't know if the IP is ours or whether address is static or dynamic - how do you check?  We are using broadband using a wireless through router connection.

Don't believe Linux is an option.  We are not specialist users and have too many windows apps to replace.  

Any more info would be a great help.

 

 

 

[thunderhorse]

Two things you could try, then:

1.    disable zonealarm, enable Windows firewall, and see if you still get the same errors; reverse it all and try again;

2.   to check your IP address, go to Start - Control Panel - double click Network Connections. At the bottom of the left menu column you'll see 'Details'. Click that once or twice to open it up and then let it settle (I have to)... and it'll give you connection details i.e. make of NIC, IP address, subnet mask, and how your IP address was assigned.

E.g. mine reads

Lan or high-speed Internet

Connected

Intel(R) PRO 100/VE

Connected

IP address: 192.168.1.10

Subnet mask: 255.255.255.0

Assigned by DHCP (dynamic host configuration protocol)

And run some anti-spyware... Spyware/malware is known to muck up computers, even though they aren't technically viruses.

[diotima]

192.168.0.1 is a web server belonging to Bigpond.net, an Australian division of the Telstra Group, they're a big and reputable internet company. This server hosts third party web sites and Port 53 is the port on that server that gives access to those sites from the outside. It gets very murky from here, maybe your firewall/AV software has spotted activity from one or more sites on that server that it's tagged as damaging, and is blocking access to the entire server.

DNS just means 'domain name server', all websites have a unique DNS number that maps to the name of the website itself. If you know a website's IP (internet protocol) address (the DNS number) you can reach it by typing either that or the site name into your browser.

I can't comment on the software you're using as I'm on a Mac and not connected to a Windows network so I use a double-layer firewall but no AV software. AV software does need to be updated regularly, often once a month, as new viruses or later versions of current versions are identified.

You could email bigpond.net and let them know the problem. Web hosts and ISPs generally aren't held responsible for the activities of customers, but reputable ones usually investigate if you report a problem.

[Debra]

Is your laptop on a network?  It's just that if you do a search on that error message and ip address you'll come across a few pages where someone had that address as the gateway/router on their network.....take a look at this: http://users.ece.gatech.edu/~owen/Academic/ECE4112/Spring2005/4112_lab8_firewalls.doc and this http://forums.speedguide.net/showthread.php?t=200425 and this http://help.lockergnome.com/general/XP-2k-98-workftopic-675-days0-orderasc-15.html (which mentions this address is the default gateway in XP)

[Debra]

OK - if you read this http://wpool.com/cablesharing/cablesharing.pdf it goes specifically into how to share an Optus@Home or Bigpond Advance cable internet connection over a home network - and specifically says that ZoneAlarm can cause problems.  It says it's aimed at people with virtually no knowledge of computers.  Reading it may give you a clue why ZoneAlarm appears to have a problem with what I guess is the address of your wireless router.

I've used AVG Free for years and have never had any problems and now have it with XP Home Edition - you could always just try changing to that!!  (Or is there are 'allow list' to update on ZoneAlarm?  Sorry - don't know much about it.....)

[ChezShells]

[quote user="diotima"]192.168.0.1 is a web server belonging to Bigpond.net, an Australian division of the Telstra Group, they're a big and reputable internet company.

[/quote]

Where did you get that from?, 192.168.0.1 is usually assigned to home networks, so this will be the router.

Can you not alter the zonealarm settings to allow this IP access, I use zonealarm (security edition) without problems
Double click the icon in the taskbar, select firewall and see if this IP is lited if not add IP address.

[diotima]

[quote user="ChezShells"]

[quote user="diotima"]192.168.0.1 is a web server belonging to Bigpond.net, an Australian division of the Telstra Group, they're a big and reputable internet company.

[/quote]

Where did you get that from?, 192.168.0.1 is usually assigned to home networks, so this will be the router.

[/quote]

Whois search at Internic. The Internic database can't lie [;-)]

[Sunday Driver]

Just got Ali@ards error message - for the first time ever!  Hope this is not contageous.....[;-)]

Here's what the Zone Alarm help says about it:

ZoneAlarm has successfully prevented local network or Internet traffic from reaching your computer. No breach in your security has occurred. Your computer is safe. What happened? ZoneAlarm blocked an incoming data packet that was addressed to port 53 on another computer. The packet was either mistakenly or intentionally routed through your computer. The data packet was sent from port 1582 on a computer whose IP address is 192.168.1.10. Should I be concerned?

This alert generally occurs either as a result of random routing problems on the Internet or a configuration issue on a local network What should I do? If you are using ZoneAlarm on the gateway computer of a shared Internet connection, check that the computers in your local network have been added to your Trusted Zone. Please refer to the help files to accomplish this task. You may also want to consider lowering the security to medium and see if the alerts go away. The SmartDefense Advisor has determined your Trusted Zone security level to be Medium and your Internet Security Level to be High .

[Quillan]

I don't know much about Zonealarm but the IP address given is rather suspect and will normally be from any Bridge, router (both hardware and software) etc on your internal network as 192.168.0.1 is the most commonist default IP address for such devices. If I type in this address in my browser my router config login will appear. The reason for this is that 192.168.x.x are addresses that are used within a local network and can't be seen by the internet, the internet in general has a mask to blank out these numbers. There must be thousands if not millions of networks all round the world that have IP addresses starting with 192.168 for exactly that reason. So there is no way that the address given earlier 'belongs' to a ISP or company connected to the internet.

[thunderhorse]

[quote user="diotima"]192.168.0.1 is a web server belonging to Bigpond.net... [/quote]

Just to be sure, I checked 192.168.0.1 at Internic -

No match for nameserver "192.168.0.1".
>>> Last update of whois database: Fri, 30 Jun 2006 15:17:05 EDT <<<

Masked local address, so it certainly appears to be a local config problem.

[ali-cat]

We went out this morning & bought new Internet security software.  It defends against viruses, spyware, worms (ugh!), phishing scams, spam, identity theft, pop-ups & inappropiate internet content (there's half the threads on the forum gone!!) - & it was half price!!

If this dosen't cover us, I don't know what will.  Mark'll be removing any other security programs, before installing it this afternoon - while I watch the footie!!  [:D]

[thunderhorse]

... bought new Internet security software...

You did WHAT? [+o(]

There's plenty of good free stuff out there. [;-)]

[tenniswitch]

Is your computer on a home network?  If you select Start/Run/cmd/okay, you will open the C:\WINDOWS\system32\cmd.exe screen and see something like: "C:\Documents and Settings\Your Name>" (it won't have the quotation marks).

Type "ipconfig/all" without the quotes and press enter and you will see the ip addresses, among other things, of your computer and your router (default gateway).  192.168.1.1 is normally the address of your router.  The addresses of your computers may vary at times unless you have set static ip addresses for them in your router settings, but they will be 192.168.1.something.

The bottom line is that your firewall may be blocking access to something on your home network unless you have configured the firewall settings to permit this access.

[Quillan]

[quote user="tenniswitch"]

Type "ipconfig/all" without the quotes and press enter and you will see the ip addresses, among other things, of your computer and your router (default gateway).  192.168.1.1 is normally the address of your router. 

[/quote]

Oh dear yes I was wrong 192.168.0.1 is normally reserved in windows for the DHCP server that is run when you activate internet sharing on a Windows PC hence router manufacturers tend to set their defaults to 192.168.1.1 as tenniswitch said. I have a Novell server and I have changed mine round a bit and my router has been changed to 192.168.0.1 because I reserve the first 10 ip addresses for static addressing. Sorry for that duff information but the rest is correct, you won't find any (in theory) 192.168.x.x address's on the www.

[diotima]

Well, colour me confused. This is the report I got from my Internic Whois search:

   Server Name: 192.168.0.1.VIC.BIGPOND.NET.AU

   Registrar: TUCOWS INC.

   Whois Server: whois.opensrs.net

   Referral URL: http://domainhelp.tucows.com

I'll just go back to the day job and decide which variant of Trinité is the best face for the book of poetry I'm setting  [8-)]

[thunderhorse]

Domain, Registrar, Nameserver -  all blank. Something verrry fishy is going on... [8-)]

[Quillan]

[quote user="diotima"]Well, colour me confused. This is the report I got from my Internic Whois search:

   Server Name: 192.168.0.1.VIC.BIGPOND.NET.AU
   Registrar: TUCOWS INC.
   Whois Server: whois.opensrs.net
   Referral URL: http://domainhelp.tucows.com

I'll just go back to the day job and decide which variant of Trinité is the best face for the book of poetry I'm setting  [8-)]

[/quote]

What you have here is a dns name (tying to keep it simple) not a real IP address. It is probably a name they are using for their NAT. It is not possible to have a 192.168.x.x which is a class C address, the website you have used above tells you that and points to the following text.:

IP Blocks for Private Internets

The IP blocks

 10.0.0.0        -   10.255.255.255  (10/8 prefix)
 172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
 192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

are reserved as private address space, specified in the RFC 1918. This means everybody can set up an internal network using addresses in these blocks, but packets originating from those addresses should never appear on the internet.

Consequently, the administrators of those internal networks are not obliged to register themselves with a whois database such as the RIPE database.

Thus, if you have received packets originating from these addresses, there is either a misconfiguration somewhere or the packets that you received contain a spoofed IP address, or they have been sent from within your own network.

RFC 1918 can be found at ftp://ftp.ripe.net/rfc/rfc1918.txt

I hope that clears things up for you, it can get very confusing at times.