Re: Constant Hacking Attemps - Pacific Bell DSL customer
From: Tilman Schmidt (Tilman.Schmidt@ePost.de)Date: 02/06/02
- Next message: Tom Del Rosso: "Re: Buy a Firewall or a Router?"
- Previous message: Mole Prime: "Zone Alarm and FTP Server"
- In reply to:(deleted message) Neko: "Constant Hacking Attemps - Pacific Bell DSL customer"
- Next in thread: Ash: "Re: Constant Hacking Attemps - Pacific Bell DSL customer"
- Reply:(deleted message) Ash: "Re: Constant Hacking Attemps - Pacific Bell DSL customer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tilman Schmidt <Tilman.Schmidt@ePost.de> Date: Wed, 06 Feb 2002 19:28:10 +0100
Neko <Neko@nospam.com> wrote:
>x-no-archive: yes
Why?
>I have basic dsl service from Pacific Bell in California with a
>dynamic IP address. I use ZoneAlarm Pro as a for Firewall
Why?
> and just
>installed Zone Analyser to review my logs. I was recently reviewing
>old ZoneAlarm logs with Zonelog as far back as 2000 (ok, I was bored
>and I had new toy) and found I've been attacked at min.4 times a day
>and up to 10 times daily.
Those are not attacks, they are probes, and they are absolutely normal
in today's Internet. You should throw away ZoneAnalyzer, and ZoneAlarm
with it, for scaremongering, and concentrate instead of configuring
your system securely.
>The attacks are coming from China, Germany, France, Russian, Korea,
>Taiwan + AOL, Pacbell and it's partners + other US sites (including
>Petfood Direct!).
Normal.
>What can be expected from an ISP to keep hackers coming through their
>Firewall?
Nothing at all. ISPs aren't supposed to filter traffic, they are
supposed to provide connectivity. Securing your systems is your own
responsibility.
> Can't they afford Checkpoint? <grin>
They can't afford the complaints and lawsuits that might result if
they block traffic the customer would have wanted to pass, or vice
versa, so they wisely offer just full, unfiltered connectivity.
> I've been report these
>attempts to the Network Admins of the offenders with good feedback and
>several machines removed from networks (an .EDU in New Mexico).
Most of the machines those probes are coming from have been hacked
themselves, so if you have spare time on your hands you can do their
owners a favor if you alert them to the fact that their machine is
issuing probes. Many owners are grateful about that.
>Pacbell only sends an auto-reply to my report.
Some just don't care.
>What is Zone Alarm NOT protecting? At one point I was running Black
>Ice Defender + Zone Alarm.......Is Zone Alarm enough?
ZoneAlarm doesn't protect anything. It is just watching and blocking
traffic to ports where no program should be listening anyway. On a
properly configured system it is completely redundant. The probes
which ZoneAlarm is alarming you about wouldn't have gotten anywhere,
anyway. On the other hand, well-written trojans just circumvent
"personal firewall" software like ZoneAlarm, so again, ZoneAlarm and
the like don't protect anything.
>The firewall is stopping these hacking attempt::
[list of frequently probed ports]
As I said, none of these ports accept traffic on a properly configured
system in the first place. It would do more good to the security of
your system if you concentrated on making sure that it is, in fact,
properly configured, instead of tracking the normal background noise
of the Internet.
-- Tilman Schmidt E-Mail: Tilman.Schmidt@ePost.de Bonn, Germany - In theory, there is no difference between theory and practice. In practice, there is.
- Next message: Tom Del Rosso: "Re: Buy a Firewall or a Router?"
- Previous message: Mole Prime: "Zone Alarm and FTP Server"
- In reply to:(deleted message) Neko: "Constant Hacking Attemps - Pacific Bell DSL customer"
- Next in thread: Ash: "Re: Constant Hacking Attemps - Pacific Bell DSL customer"
- Reply:(deleted message) Ash: "Re: Constant Hacking Attemps - Pacific Bell DSL customer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
