Re: Wondering what to do about all the intrusions you find in your firewall log?

From: Ed (ED@nowhere.com)
Date: 04/01/03

    Date: Tue, 01 Apr 2003 03:22:15 GMT
    
    

    Thanks for setting my mind at ease folks, I was going to get worked up.

    Last I heard the FBI only cares if you are in the USA and if the damage
    was over US$300,000, or if national security is involved.

    And CERT also requires actual damage before it is interested, before it
    will do more than help you help yourself (an excellent site for reading
    material I visit weekly).

    And the SANS Institute is good for courses and its reading room. DShield
    is affiliated with SANS.

    But reading material doesn't help non-computer professionals, or
    professionals who don't have the time to sort through probing which,
    as Douglas Adams would say, is "mostly harmless".

    How secret your inbound firewall log entries are depends.

    If you're breaking the law in a serious way, or an enemy agent of the
    country you are in, you should be very careful.

    For home users with default logs, they normally reference only unsolicited
    traffic, not traffic from websites or servers you are visiting.

    The logs give your IP address (i.e. the destination IP address), the
    source IP address, the destination port, the source port, the protocol,
    and a timestamp. And you can look at your logs to verify that this is the
    case.

    However, if you are visiting a very slow website/server, the connection to
    that website might be timed out by your firewall, and it will look like an
    unsolicited connection.

    Also, if you are playing a game and haven't configured your computer
    properly, the attempts by your friends will look like unsolicited
    connection attempts. But DShield and MNW, and I've used both for several
    months now, filter out these isolated events from serious hacking
    attempts.

    MNW always obscures the lower two bytes of your IP address in reports it
    sends out (123.123.xxx.xxx).

    DShield gives you the option of obscuring from them the upper byte of your
    IP address (xxx.123.123.123).

    Anyway, my point was just to raise the visibility of MyNetWatchman and
    DShield. Both now accept corporate and institutional input, as well as
    home users. And both are free.

    And thanks for the entertainment.

    - Keith
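
The address obscuring described in the message above (lower two bytes hidden, or upper byte hidden), as an added example that is not part of the original post and is not MyNetWatchman's or DShield's own code. The log line format, function names and sample addresses are constructed assumptions; lines that cannot be parsed and masked are dropped rather than forwarded.

```python
import ipaddress
import re

# Constructed log format (an assumption, not any real firewall's output):
#   timestamp proto src_ip:src_port -> dst_ip:dst_port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample input using documentation address ranges.
SAMPLE_LOG = """\
2003-04-01T03:10:02Z TCP 198.51.100.7:4312 -> 203.0.113.45:135
2003-04-01T03:10:09Z UDP 198.51.100.99:1026 -> 203.0.113.45:137
this line is not a log entry
2003-04-01T03:11:40Z TCP 999.1.1.1:80 -> 203.0.113.45:1045
"""

def mask_ip(ip, style):
    """Obscure part of a dotted-quad IPv4 address.

    'low2'  hides the lower two bytes (123.123.xxx.xxx).
    'high1' hides the upper byte      (xxx.123.123.123).
    """
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    if style == "low2":
        octets[2:] = ["xxx", "xxx"]
    elif style == "high1":
        octets[0] = "xxx"
    else:
        raise ValueError(f"unknown style: {style}")
    return ".".join(octets)

def sanitize(log_text, style):
    """Return (clean_lines, rejected_count); only the destination IP is masked."""
    clean, rejected = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            if m is None:
                raise ValueError("unparsed line")
            ipaddress.IPv4Address(m["src"])  # source must be a valid address too
            dst = mask_ip(m["dst"], style)
        except ValueError:
            rejected += 1  # fail closed: never pass on a line we could not mask
            continue
        clean.append(f'{m["ts"]} {m["proto"]} {m["src"]}:{m["sport"]} -> {dst}:{m["dport"]}')
    return clean, rejected
```

The source address is left intact because it identifies the prober; only the reporter's own (destination) address is obscured.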

