Re: Wondering what to do about all the intrusions you find in your firewall log?

From: Ed (
Date: 04/01/03

    From: "Ed" <>
    Date: Tue, 01 Apr 2003 03:22:15 GMT

    Thanks for setting my mind at ease folks, I was going to get worked up.

    Last I heard the FBI only cares if you are in the USA and if the damage
    was over US$300,000, or if national security is involved.

    And CERT also requires actual damage before it is interested, before it
    will do more than help you help yourself (an excellent site for reading
    material I visit weekly).

    And the SANS Institute is good for courses and its reading room. DShield
    is affiliated with SANS.

    But reading material doesn't help non-computer professionals, or
    professionals who don't have the time to sort through probing which,
    as Douglas Adams would say, is "mostly harmless".

    How secret your inbound firewall log entries are depends.

    If you're breaking the law in a serious way, or an enemy agent of the
    country you are in, you should be very careful.

    For home users with default logs, they normally reference only unsolicited
    traffic, not traffic from websites or servers you are visiting.

    The logs give your IP address (i.e. the destination IP address), the
    source IP address, the destination port, the source port, the protocol,
    and a timestamp. And you can look at your logs to verify that this is the

    However, if you are visiting a very slow website/server, the connection to
    that website might be timed out by your firewall, and it will look like an
    unsolicited connection.

    Also, if you are playing a game and haven't configured your computer
    properly, the attempts by your friends will look like unsolicited
    connection attempts. But DShield and MNW, and I've used both for several
    months now, filter out these isolated events from serious hacking

    MNW always obscures the lower two bytes of your IP address in reports it
    sends out (

    DShield gives you the option of obscuring from them the upper byte of your
    IP address (xxx.123.123.123).

    Anyway, my point was just to raise the visibility of MyNetWatchman and
    DShield. Both now accept corporate and institutional input, as well as
    home users. And both are free.

    And thanks for the entertainment.

    - Keith
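
An added illustration, not part of the original post and not code from MyNetWatchman or DShield: masking the reporter's own (destination) address in firewall log entries before they are shared, using the two schemes the post describes. The log line layout, the field names and the `xxx` rendering of the lower-two-bytes case are assumptions made for this example.

```python
import ipaddress

# Constructed sample entries (not real traffic). Assumed field order:
# timestamp protocol src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2003-04-01T03:10:02Z TCP 198.51.100.7 4312 203.0.113.45 445
2003-04-01T03:10:09Z UDP 192.0.2.200 1026 203.0.113.45 137
not a log line
"""

# Which octets of the reporter's (destination) address to hide.
MASKS = {"upper_byte": {0}, "lower_two_bytes": {2, 3}}


def parse_entry(line):
    """Return the six logged fields as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, proto, src, sport, dst, dport = parts
    try:
        src = str(ipaddress.IPv4Address(src))
        dst = str(ipaddress.IPv4Address(dst))
        sport, dport = int(sport), int(dport)
    except ValueError:
        return None
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return {"time": ts, "proto": proto, "src_ip": src, "src_port": sport,
            "dst_ip": dst, "dst_port": dport}


def mask_octets(ip, hidden):
    """Replace the octets at the given positions with 'xxx'."""
    return ".".join("xxx" if i in hidden else octet
                    for i, octet in enumerate(ip.split(".")))


def prepare_report(log_text, scheme):
    """Parse entries, drop malformed lines, mask only the reporter's address."""
    hidden = MASKS[scheme]
    report = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["dst_ip"] = mask_octets(entry["dst_ip"], hidden)
        report.append(entry)
    return report
```

The source address, ports, protocol and timestamp are left intact, since those are the fields a collector needs to correlate probes across reporters.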