ZA Logs as requested

From: PCFirewire (pcfirewire_at_yahoo.com)
Date: 12/22/03


Date: 22 Dec 2003 07:12:37 -0800

NeoSadist <neosad1st@charter.net> wrote in message news:<vu926a8jt2sj1b@corp.supernews.com>...
>
> WHAT?! First off, if it's ping of death, you need to run windows update and
> get that patched. There shouldn't be any systems vulnerable to that
> anymore, and most firewalls should also block any packets over a certain
> size.

I keep Windows updated. Since reading these replies I received a Zone
Alarm update notice so updated to 4.5.538.000. Also updated Trillian
and antivirus. Updating the antivirus is a no-brainer. It always is
current, as are my OS updates. [Win98SE]

What size is a reasonable packet? If that feature is only available
with ZAP I will certainly pay for the full version. I have tried ZAP
and find it clumsy to turn off some filtering such as popups and java
when I need only that turned off. That is the only reason I have not
updated to the pro version. Perhaps I didn't find the hot button to do
that.

> No, the point is that this should NOT be happening. Save your zone alarm
> logs and start complaining to their tech support. Also, please post your
> logs to this newsgroup -- I want to see the logs.

Since I updated ZA I will send them directly to ZA with Bluescreen
info time etc. Here is a log that may or may not contain a severe
attack. I don't remember a date of a severe attack.

ZoneAlarm Logging Client v4.5.530.000
Windows 98-4.10.2222- A -SP
type,date,time,source,destination,transport

>
> By the way, there are some things you can or should be able to do with your
> firewall to prevent this from happening again:
> 1) Run a port scan of your machine first, I want to know if you have open
> ports.

Have checked that many times. Also gave a tech permission to scan and
attach so he could monitor attacks and my ports. His report is that I
am as tight as Fort Knox. I suppose having an email client open or
FTP open at any given time could reveal my presence online, however I
always test stealth at ShieldsUp. My log monitor shows many NetBIOS
scans from infected computers from around the world. Those never seem
to give me any problem.

> 2) Put the security level of zone alarm to the max.

Yep, I do that.

> 3) Create a rule to drop ALL fragmented packets.

Create a rule is a new function. Would need ZAP I think.

> 4) Create a rule to drop ICMP from anyone but the first hop to the internet
> (i.e. the IP of the machine you log in to when you first turn on your
> internet).
> 5) Create a rule to drop UDP from anyone out on the internet (it's harsh,
> but it could help)
> 6) Create a rule to drop any and all IGMP protocol packets.
> 7) Turn off multicasting.

Ok lots to look into here. Thanks.
>
> See, that's why I don't like personal firewalls for windows computers, due
> to them not educating their users as to what they're doing. Sure, it's
> good because a non-internet-security-knowing person can be protected by
> their firewall, but the down side is that these problems can happen and
> they really can't be prevented on the hard-core scale that it can be with
> IPTables (Linux).
> For example, I went over to the exploits area of www.pcflank.com and looked
> at what certain exploits use, then blocked them in my firewall by:
>
> 1) Blocking all fragmented packets
> 2) Only allowing pop/smtp with my isp's pop/smtp servers themselves
> 3) Only allowing DNS requests to my isp's dns servers
> 4) Only allowing dhcp/bootpc type communications with my router.
> 5) Limiting ICMP to 3/hour and to my isp's server only, to prevent
> icmp-based attacks
> 6) Making very specific rules about http, ftp, and other "normal" internet
> use (making sure that the flags of the communications match the source /
> destination, etc).
>
> So please, post the logs of your zone alarm attacks so that we can look at
> them.

I am on a dial-up connection. I have investigated Linksys's router but
not right for me. Routers are new technology to me. Have to look into
it if necessary. In the meantime, so much to do, so little time to do
it. :-))
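
Added example, not part of the original post or of ZoneAlarm: a Python triage script for the export format named in the log header above (type,date,time,source,destination,transport). It rejoins records that a newsreader has wrapped, tallies blocked inbound probes per service, and flags any source that tries many distinct ports within a short window. The sample records are constructed with documentation addresses, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the posted export format, including the line wraps
# a newsreader introduces. Addresses are RFC 5737 documentation ranges.
SAMPLE = """\
type,date,time,source,destination,transport
FWIN,2003/12/19,15:13:46 -5:00
GMT,198.51.100.7:4432,192.0.2.51:135,TCP (flags:S)
FWIN,2003/12/19,15:14:06 -5:00 GMT,198.51.100.9:0,192.0.2.51:0,ICMP
(type:8/subtype:0)
FWIN,2003/12/19,15:14:44 -5:00
GMT,198.51.100.7:2692,192.0.2.51:445,TCP (flags:S)
PE,2003/12/19,16:00:14 -5:00 GMT,Zone Labs Client,127.0.0.1:8080,N/A
FWIN,2003/12/19,16:04:14 -5:00
GMT,198.51.100.30:3723,192.0.2.51:1434,UDP
"""
# One source trying six ports in the same second (constructed burst).
SCAN_PORTS = (81, 83, 85, 1033, 3128, 8080)
SAMPLE += "".join(
    "FWIN,2003/12/20,08:07:20 -5:00\n"
    f"GMT,203.0.113.45:{3599 + i},192.0.2.51:{port},TCP (flags:S)\n"
    for i, port in enumerate(SCAN_PORTS))

RECORD_START = re.compile(r"^[A-Z]+,\d{4}/\d{2}/\d{2},")
FW_RECORD = re.compile(
    r"^(FWIN|FWOUT),(\d{4}/\d{2}/\d{2}),(\d{2}:\d{2}:\d{2}) [+-]\d{1,2}:\d{2} GMT,"
    r"([\d.]+):(\d+),([\d.]+):(\d+),(TCP|UDP|ICMP)(?: \((.*)\))?$")


def unwrap(text):
    """Rejoin wrapped records: a line that does not start a record continues the last one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line):
            records.append(line)
        elif records:  # continuation; header lines before the first record are skipped
            records[-1] += " " + line
    return records


def parse(record):
    """Parse one firewall record; returns None for PE (program) events or malformed lines."""
    m = FW_RECORD.match(record)
    if not m:
        return None
    direction, date, time, src, _sport, dst, dport, proto, detail = m.groups()
    return {
        "dir": direction,
        "when": datetime.strptime(f"{date} {time}", "%Y/%m/%d %H:%M:%S"),
        "src": src, "dst": dst, "dport": int(dport),
        "proto": proto, "detail": detail or "",
    }


def summarise(text, scan_ports=5, window=timedelta(seconds=60)):
    """Count blocked inbound probes per service and flag multi-port sources.

    scan_ports and window are assumed thresholds, not ZoneAlarm settings.
    """
    events = [e for e in map(parse, unwrap(text)) if e and e["dir"] == "FWIN"]
    services = Counter()
    probes = defaultdict(list)
    for e in events:
        if e["proto"] == "ICMP":  # type 8 is an echo request (ping)
            services[f"ICMP {e['detail']}"] += 1
        else:
            services[f"{e['proto']}/{e['dport']}"] += 1
            probes[e["src"]].append((e["when"], e["dport"]))
    scanners = {}
    for src, hits in probes.items():
        # Largest number of distinct ports this source tried inside any one window.
        best = max(len({p for t, p in hits if t0 <= t <= t0 + window})
                   for t0, _ in hits)
        if best >= scan_ports:
            scanners[src] = best
    return services, scanners


if __name__ == "__main__":
    services, scanners = summarise(SAMPLE)
    for name, count in services.most_common():
        print(f"{count:4d}  {name}")
    for src, ports in scanners.items():
        print(f"possible port scan: {src} tried {ports} ports within the window")
```

Every FWIN record is a packet the firewall already blocked, so the output is a picture of background noise against the address, not evidence of compromise.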

