Re: blackice reports localhost intrusions !?!?!

From: Duane Arnold (notme_at_notme.com)
Date: 11/11/03


Date: Tue, 11 Nov 2003 01:15:38 GMT

mborghi@wcstechnology.com (Mariano) wrote in
news:3a28cab6.0311100703.5e12b40e@posting.google.com:

> Before updating my BlackIce to the latest 3.6cbx version, BlackIce
> started reporting attacks from my own machine, on various different
> ports like 80, 2234, 2240 and some others.
> Some of the attacked ports reported are open, like 2234 and 2240 (I
> use Soulseek on those ports), but port 80 is closed, since I have
> BlackIce set to PARANOID.

If you have BlackIce set on Paranoid, then all the ports from 1-65535 TCP
and UDP are closed.

The only way the ports will be opened is if an application running behind
BI on your machine solicits inbound traffic from an IP due to the
application on your machine sending outbound traffic to the IP.

> Everything was working fine for months, but now I get a lot of attacks
> reported.
> I know I can trust and accept events from an intruder; setting this
> ON eliminates the attack reports, but I have a DSL connection, so the
> IP address changes once a day, so the solution is useless.

You can just *Ignore the Event* by right-clicking on the Event line and
selecting Ignore. That doesn't mean that BI is not protecting. It just
means that BI will not report it. I think BI still logs the events, and
you can use VisualIce (free, use Google) if you are not already using
VisualIce.

> Anyway, everything is working fine. I mean, intrusions on Soulseek port
> 2234 are reported, but it seems that they do not affect the
> transfers or correct program functionality.

> If anybody has experienced this and has a solution or explanation, I
> will thank you to share it with me.
> Or maybe it is a BlackIce bug?

You can get False Positives using an IDS application. I hear that when
doing downloads with a program using many ports at the same time, BI will
give False Positives on the ports.

Duane :)


