This log shows that your local system has configured for an APIPA range
address 169.254.x.x and it is trying to communicate with 192.168.200.x
over port 139, which is the Microsoft end-point mapper. Read this CERT
article http://www.kb.cert.org/vuls/id/32650

ZoneAlarm Log text:
type,date,time,source,destination,transport
FWIN,2002/04/11,10:12:00 -7:00
GMT,169.254.101.152:4335,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,10:13:55 -7:00
GMT,169.254.101.152:4615,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,10:13:55 -7:00
GMT,169.254.101.152:4618,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,10:13:55 -7:00
GMT,169.254.101.152:4621,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,12:59:47 -7:00
GMT,169.254.101.152:4995,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,12:59:47 -7:00
GMT,169.254.101.152:4998,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,16:28:38 -7:00
GMT,169.254.101.152:3626,192.168.200.xxx:139,TCP (flags:S)
FWIN,2002/04/11,16:28:38 -7:00
GMT,169.254.101.152:3632,192.168.200.xxx:139,TCP (flags:S)

As for tools that you can use to monitor such activities, visit:

http://www.sysinternals.com for TCPView for your Windows boxes

Look here for security tools

http://www.cert.org/tech_tips/security_tools.html
http://216.60.197.200/Help/Sections/Security.htm
http://ciac.llnl.gov/ciac/ToolsUnixNetSec.html
http://razor.bindview.com/tools/index.shtml

For a list of Security information that I have been able to compile,
visit http://www.hudlogic.com/tips.html (security)

I haven't heard of Zone Alarm, so I obviously could use some more links
on that Security tips location. If you have suggestions, please send
them.

Kurt Hudson
kurt@hudlogic.com