Detailed
Explanation
The rest of this page discusses some possible causes
of this alert.
The connection attempt that caused this alert was
probably harmless. The most likely scenarios
are:
- The communication may have
been a legitimate attempt by your ISP, a news server,
a mail server, or other service provider to
authenticate your IP address for the purpose of
providing services you requested. ZoneAlarm usually
allows authentication to take place; but this attempt
may have come from a different computer from the one
you originally contacted for services, possibly due to
load balancing requirements in the provider
organization.
- You may have set up a web site
or some other service such as an e-mail, FTP, news
service, or hosted game to provide services that
require an Internet connection, without giving your
web application server permission in ZoneAlarm.
To give your application server permission, find the
program that contains your web application in the
Programs panel. On the line where this program is
located, grant your web application the correct
permission to act as a server. This will allow your
web site to accept connection requests from the local
network or the Internet, depending on which option you
select.
- You may be trying to receive
online messages using mIRC, ICQ, Instant Messenger, or
a similar program. In this case, the reason you
received the alert is that you have not given mIRC,
ICQ or Instant Messenger server permission in
ZoneAlarm. Server permission is what allows a program
to accept incoming connection requests from the local
network or the Internet.
- Another computer may have been
the former owner of your current IP address. If you
have a dial-up connection, your IP address is assigned
when you dial up and is released when you hang up. In
that case, there may be people out there who are
trying to connect with the person who had your IP
address before you did. If you have DSL or a cable
modem, you may experience this phenomenon if you have
just received a new IP address assignment. This
happens frequently when using certain Internet Service
Providers.
- Some older versions of
ZoneAlarm had a bug which caused alerts when using
"active" mode FTP.
- A server you recently visited
may not have disconnected properly from your computer,
and may be checking the connection again. In that
case, you can safely ignore this message, because the
server will eventually realize you're
disconnected.
- The Internet Lock may have
engaged while you were in the middle of a download.
This could happen if you have set the Internet Lock to
engage when your screen saver activates.
- There may be excessive network
congestion or other network problems that prevent
information from being transmitted completely and
correctly.
- A network administrator may be
monitoring network performance or testing network
security.
- Someone on your network may
have a computer with misconfigured network settings.
The consequences of a network misconfiguration is
dependent on the platform and other conditions
specific to the individual network.
- One other cause for this alert
is that a new piece of network-related software may
have been installed on a computer within your network.
If someone is trying to learn how to use the software,
it is possible that the alert was caused by the way
that person is using the software. Any possible damage
will depend on what kind of software is being used
and, of course, on the intent of the person using
it.
The most common cause of this alert is a
configuration error in your copy of ZoneAlarm, or a
configuration error in the server software of the
computer that tried to connect to yours. Double-check
your ZoneAlarm settings to make sure your copy of
ZoneAlarm is configured correctly, before concluding
that someone is trying to hack into your computer. If
you think there is a configuration error at the other
end, you can make a polite inquiry to the person on your
network. In some cases, bugs in server software are a
fact of life and should be gracefully accepted at face
value.
If you decide to try to find out who tried to reach
you on port 80, please take note of the information from
the alert by either bookmarking this page or by
referring to a summary of the alert data which is
usually maintained in the ZoneAlarm alert log file on
your computer. If alert logging is enabled, the default
location for alert log file is c:\windows\internet
logs\ZAlog.txt or c:\winnt\internet logs\ZAlog.txt,
depending on your operating system. Alert logging may be
turned on or off on the Alerts panel. Conclusion
It is very unlikely that you have been singled out
for an attack. The links below will help you determine
whether the blocked communication was benign or
malicious.
For further information, please
check out the following articles in the Zone Labs
Knowledgebase:
MoreInfo
for blocked inbound communication to a known Trojan
port
Programs
and Server Permissions
Zone
Labs Knowledgebase Main Page
Zone
Labs Knowledgebase Main Page
MoreInfo
for blocked inbound communication to a known Trojan
port
MoreInfo
for blocked inbound communication to a known Trojan
port
You may also find the following
pages on the Zone Labs web site to be
helpful:
ZoneAlarm
User's Manual - Alerts Panel
ZoneAlarm
User's Manual - Lock Panel
Announcing --
ZoneAlarm Pro!
ZoneAlarm
User's Manual
Frequently
Asked Questions
Zone Labs Home
Page
Frequently
Asked Questions
|