I keep getting different people trying to gain access to the pc. I get this message:
ZoneAlarm Pro prevented access to port 23 on your computer.
ZoneAlarm Pro has blocked access to port 1026 on your computer.
ZoneAlarm Pro has blocked access to port 4000 on your computer
along with their IP address.

What can I do to stop this? It happens maybe 5 times a day. It never used to happen.

I usually ignore them. If your ports are firewalled, they can hammer away all they like ;)

Unless you have any interest in the messages then turn them off or ignore them, they are just telling you that ZA is doing its job. :)

I keep getting different people trying to gain access to the pc. I get this message:
ZoneAlarm Pro prevented access to port 23 on your computer.
ZoneAlarm Pro has blocked access to port 1026 on your computer.
ZoneAlarm Pro has blocked access to port 4000 on your computer
along with their IP address.

What can I do to stop this? It happens maybe 5 times a day. It never used to happen.

Unfortunately there is no way to stop your ports from being scanned - most hacker run a scanning program that scans an IP range looking for certain port numbers...

Port 23 - telnet protocol - often used to hack servers without up to date security patches. :afire:
port 1026 - this is the windows messanger listening port - if open - spammers can cause popup spam in messenger - nasty :grind:
port 4000 - this is an ICQ port, it would appear this may be spammers rather than hackers. although back orifice can (and in the past has) be configured use this port :upyours:


it just seems strange that they are using these specific ports as they are not generally used by trojans or viruses - however a spammer could really annoy you using these particular ports.

HTH

Just looked in the log and I have hundreds of pings aswell as the port scans coming from the same DNS.

in-addr.arpa
.in-addr.arpa
24.in-addr.arpa

The IP addresses are always slightly different.

Just looked in the log and I have hundreds of pings aswell as the port scans coming from the same DNS.

in-addr.arpa
.in-addr.arpa
24.in-addr.arpa

The IP addresses are always slightly different.
in-addr.arpa is the reverse dns lookup domain.

24.in-addr.arpa is the reverse lookup for 24.x.x.x addresses (US Cable network).

I just removed the DNS I was using from network properties. (had to change due to tuesdays problems) and the pings have stopped coming from in-addr.arpa
and are now coming from ntl addresses as before.

If the sweeps are coming from the same ip addreses all the time you could report the users to there ISP'S. Sometimes they do act on complaints. You can also email abuse@ntlworld.com with a copy of the logs.

You can find out who is scaning you by putting there Ip address into www.all-nettools.com

HTH