Re: How to tell if a firewall alert is suspicious or not
From: Volker Birk (bumens_at_dingens.org)
Date: 15 Sep 2005 19:14:08 +0200
Gerard Schroeder <Gshroeder22031@hotmail.com> wrote:
> I thank you for your detailed suggestions summarized below as:
> 1. There exist innocent common connections reported by the firewall
> Regarding the first interesting comment above:
> - Is there a site where all the common innocent connections are listed?
I don't know one. And I think this will not be possible. There are
too many possibilities for these. Why use a "Personal Firewall" at all,
which is showing useless popups?
> Regarding looking up the NAME of the IP address:
> - WHY would my DNS provider suddenly connect (this does not happen often)?
There may be many reasons for this.
> Regarding the content of the incoming packets:
> - Sygate Personal Firewall 5.6 provides a Yes/No/Details response
> - The DETAILS button gives more information (cryptic to me, a novice).
> - Again I wonder if there is a list of known non-dangerous contacts.
The point is that it is a b0rken concept to ask the only person
who for sure does not know what to do here - you, the user.
It's OK that not everybody is a networking expert. A good security solution
has to work _without_ asking the user.
> For us novices who still desire basic firewall protection, it would be nice
> to refer to a list of known generally non-dangerous requests to accept.
Why not use the Windows Firewall and not have such problems?
-- "It cannot be that the frustrated people in Rome decide what happens in German bedrooms". Harald Schmidt on "World Youth Day"