Hi there all Last night when browsing net I was looking in my zone alarm logs and found strange entry I dont really understand. ip protocol89 source ip 64.25.164.3 destination ip 224.0.0.5 direction - routed action taken - blocked count - 360 source dns - blnd200.onlink.net destination dns - ospf-all.mcast.net This occurred 3x in an hour.same log info...neither of the ip's are mine as you can see since it was routed. I know it was blocked and not worried about it but just curious as to what it is really. I am on dialup and dont run proxy, onlink.net is my isp. The info given by zone alarm alert info dosen't really help...lol and i cant find much on the net. This isnt the first time seeing routed stuff in my logs but usually the count is only 1 or 2 at a time ....not 360... Yes i got all updates and have up to date virus scanner, trojan scanner, spyware scanners, etc...can someone help me understand this? thanks in advance

64.25.164.3 is onlink, canadian telecomm. That IP Protocol 89 is OSPF IGP and 224.0.0.5 is the special multi cast address for all OSPF routers. Example: OSPF, Open Shortest Path First Routing Protocol The router at 64.25.164.3 is probably a designated router sending out updates to the database It's normal, unless 64.25.164.3 isn't a router on your network. Check your NETWORK security settings in the ZA FIREWALL area and make sure you are only allowing traffic to or from PCs in your network. These routes can occur regularly, but 360 can be said to be more than usual, but in the sense of the WWW, it is a small amount. As ZA blocked it, you're in good shape. But, I'd run a PC security scan at www.pcflank.com and I'd run ALL their scans as there as several and are very probing.

EC Designated router sending out updates to database?...you mean onlink server database? I have a stand alone dialup connection and do not use a router. I also forgot to mention that the routed packets were using port 0 if that makes any difference. My internet zone is set to high and trusted zone set to medium. I have left it as default settings cus I'm not really good with this port stuff but working on it...lol any port probing security sites I go on show me as stealthed...Like i said b4 this is the first time seeing this and I have had this puter since Christmas and spend about 6 hours a day online.

The router is your ISP router, meaning Onlink and how they move their traffic around on the net, including your web connection traffic Any routed packets to port 0 just indicate the programmer has it set to "just use the first available port" on the remote system, but really port 0 does not exist. It is defined as an invalid port number. But valid Internet packets can be formed and sent on the 0. There has typically been no way for Internet Socket programmers to generate or receive 0 port Internet traffic on the 0, so it was reserved and set aside for special networking. It's called specifying system allocated (dynamic) ports, which in itself can be a huge security risk on the remote system, as it's like a port scan. Modern Operating systems offer "Raw Socket" programming interfaces which provide the ability to deliberately generate port 0 packets. It's typically used in UNIX, but WINDOWS has its own version too but it works a little differently. I hope you use Zone Alarm PRO as it allows for more customization than the FREE version and a few bucks is always worth it where PC security is concerned. Make sure your ZA settings are maxed out, as high as they can be, while you can still establish a connection outbound and I'd use the option to BLOCK Java, ACTIVE X and selectively, cookies as well, but it cuts down on the web experience, but good security has always been a trade with feature-rich content, but it can be configured whereby you can enjoy most of the web's better enhancements, while still most secure. Be sure you have all the Windows XP updates, current AV definitions, current anti-Trojan definitions, current ad ware/malware scanning and very important in XP PRO, be certain you have ALL unnecessary SERVICES disabled.

Thanks EC I think I understand a little better...I do all my updates and also use dsostop for plugging holes in IE, as well as spyware blaster, check regularly with hijack this with known good log. I also do use zone alarm pro...ver 3.5 at the moment...want to upgrade to the new ver 4.0 i think it is...just waiting to see if many ppl have had any major issues with it...lol As far as the services in xp...yes I disabled alot of them and found that puter performance also increased as a result. Thanks again for responding