My first ZA alert

Well ZA has certainly opened my eyes. I always thought I couldn't be scanned if I was on a dialup account. But I was wrong:

SamSpade.org snagged me this info:

Does this mean that someone named Thomas Sanberg was trying to hack into my PC?

 

Oh, thx for the 411. I was thinking of flaming him. But now I won't. Never realized how vulnerable I was. It'll be even worse if I get the cable.

 

shadowhawk,

I would disable or remove the Windows Scripting Host.

http://service2.symantec.com/SARC/sarc.nsf/html/win.script.hosting.html

Uncheck any install on demand.

Run the Shields UP! test.

https://grc.com/x/ne.dll?bh0bkyd2

And just watch what you install and your be ok.
That don't install any spyware.

 

hewee, good buddy, hi! How is disabling/uninstalling WSH going to help with port scans that are, in any event, blocked by the firewall?

 

Welshjim,

Say bud

It's not but it just helpes make your PC safer.
The Windows Scripting Host is used by some virus and goes to work on it's own with I.E.
In Netscape you have to start it by opening the attachment the virus is in.

I just like to keep things as safe as can be.

 

I have my OE set to run in Restricted Zone mode. It asks me before it starts any scripts now and unless they're from someone I know, I don't allow them.

BTW, in 2 days I get cable Internet. Soon I'll have a modem-burning party (I hope).

 

shadowhawk,

That is a good setting to have to be safe.

Your be a happy hawk with cable flying every where soon.

 

Now hang on guys, shadowhawk may not have been port scanned, he may have simply connected to an internet site, left the site, and the site sent out a "probe" (lack of a better term) to see if the connection was still there. When I first got Zone Alarm I was alarmed (ha!) to see how many IP's were being blocked on the TCP port. I clicked on the more info button and ZoneAlarm's site told me that it may be a simple case of a webserver putting a finger out see if the connection was still active. In these cases the connections were not active, therefore Zone Alarm blocked them.

 

I noticed that some of the IPs that got caught scanning me were from my ISP. Does that mean my ISP was scanning for a connection, or is it Big Brother at the server level?

 

shadowhawk--Sadly, the most common source of port scans is from other subscribers using your ISP. The reason is the Code Red virus and its siblings. They cause an infected PC to send port scans to as many using the same ISP (and therefore having the same first two/three digits in the IP address) as possible. The owner of the infected PC does not even know this is happening.
So do not worry, as long as ZA says your PC is safe. It is just a nuisance that slows the Internet down a little.
Your ISP, itself, may probe you from time to time.. I guess their intentions are legitimate and it should not happen too often.