Re: Wondering what to do about all the intrusions you find in your firewall log?
From: Ed (ED@nowhere.com)
Date: 04/01/03
- Previous message: RT: "Re: THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS HACKED/OWNED"
- In reply to: CBHvac: "Re: Wondering what to do about all the intrusions you find in your firewall log?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ed" <ED@nowhere.com> Date: Tue, 01 Apr 2003 03:22:15 GMT
Thanks for setting my mind at ease folks, I was going to get worked up.
Last I heard the FBI only cares if you are in the USA and if the damage
was over US$300,000, or if national security is involved.
And CERT also requires actual damage before it is interested, before it
will do more than help you help yourself (an excellent site for reading
material I visit weekly).
And the SANS Institute is good for courses and its reading room. DShield
is affiliated with SANS.
But reading material doesn't help non-computer professionals, or
professionals who don't have the time to chase sort through probing which,
as Douglas Adams would say, is "mostly harmless".
How secret your inbound firewall log entries are depends.
If you're breaking the law in a serious way, or an enemy agent of the
country you are in, you should be very careful.
For home users with default logs, they normally reference only unsolicited
traffic, not traffic from websites or servers you are visiting.
The logs give your IP address (i.e. the destination IP address), the
source IP address, the destination port, the source port, the protocol,
and a timestamp. And you can look at your logs to verify that this is the
case.
However, if you are visiting a very slow website/server, the connection to
that website might be timed out by your firewall, and it will look like an
unsolicited connection.
Also, if you are playing a game and haven't configured your computer
properly, the attempts by your friends will look like unsolicited
connection attempts. But DShield and MNW, and I've used both for several
months now, filter out these isolated events from serious hacking
attempts.
MNW always obscures the lower two bytes of your IP address in reports it
sends out (123.123.xxx.xxx).
DShield gives you the option of obscuring from them the upper byte of your
IP address (xxx.123.123.123).
Anyway, my point was just to raise the visibility of MyNetWatchman and
DShield. Both now accept corporate and institutional input, as well as
home users. And both are free.
And thanks for the entertainment.
- Keith
- Previous message: RT: "Re: THESE ARE SIGNS TO LOOK FOR TO TELL YOU YOUR COMPUTER IS HACKED/OWNED"
- In reply to: CBHvac: "Re: Wondering what to do about all the intrusions you find in your firewall log?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
