# Zone Alarm blocking IP.



## bliccy (Aug 6, 2006)

I recently installed Zone Alarm after cleaning up some spyware problems with help from the HJT forums. 

Zone Alarm has given me two alerts today saying it has blocked a particular IP address from accessing my computer. I did an IP address search using WHOIS (networksolutions.com/whois) and it came back that it was my ISP, Comcast, from New Jersey.

Under the Alerts & Logs tab in Zone Alarm, it shows it has blocked this 50+ times, and lists the program as "svchost.exe" and the Source IP is different, but the destination IP is the same as the one on the alert. I can provide a print screen if needed.

This just seems...fishy. Any suggestions or info?


----------



## whardman (Jun 28, 2006)

svchost.exe is a windows component. The destination IP appears to be your IP address as it remains the same everytime. Post an example of the log so we can determine what type of connection it is making. Especially include both the source and destination port.


BTW, are you sure the destination port is the same everytime and not the source port?


----------



## bliccy (Aug 6, 2006)

Here's a print screen:


----------



## whardman (Jun 28, 2006)

Port 53 is used by DNS (Domain Name System) to resolve internet addresses i.e. techsupportforum.com to its IP address. You should create a rule to allow outgoing connections to port 53.

PS. The source IP is the same 192.168.1.101 the source PORT is different (1028, 1040).


----------

