Avast WEBforum
Other => General Topics => Topic started by: bob3160 on August 18, 2004, 02:37:25 PM
-
If you use ZoneAlarm (Free or Pro) and have ever wanted to trace attacks shown in the log, you need THIS (http://visualize.phenominet.com/visualzone/visualzone.htm)
Very Interesting and it's FREE. ::) ::) ::)
-
Cool!
Peter
-
I mostly use THIS SITE (http://www.dnsstuff.com) to trace, query and such.
-
Eddy the big difference is this one is directly integrated with ZA.
They also make a version for BlackIce.
-
Bob: It looks interesting. Loads fine. Appears to be useful and easy to use. Thanks. ;)
-
I'm surprised at you bob3160 that you didn't also offer this.....
http://zonelog.co.uk/
8)
-
Well, SKYCOMP, Zonelog is not freeware like VisualZone :-\
Worse, as I can see from the webpage, the features are the same (even the submission to DShield.org). :'(
-
*
I wish I had thought to mention VisualZone as Bob did. I've used that for about 3 years now. It's a great free program! :)
Hmmm ... did someone redesign VZ's interface to be Zonelog? ???
*
-
Does anyone know of one for Sygate?
--lee
-
Does anyone know of one for Sygate?
Likewise here; will there ever be one for Kerio also?
-
I'm presuming it should work with the Security Suite edition?
-
Hi Hammer,
I'm presuming it should work with the Security Suite edition?
It's still ZA, just with some extras, and it still produces a log for the firewall portion of the program. And that's what this program analyzes.
-
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.
-
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.
Menu Arquive (or File) > Set the default folder for ZoneAlarm logs (generally C:\Windows\Internet Logs\*.txt; see the ZA settings for logs).
I don't remember any more if I'm correct... I stopped using ZA free instead of Outpost free ;)
-
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.
You lost me? How do you launch any program? Double click it and it automatically imports the ZA Log file and then analyzes it.
-
Bob, again, you said the same as me in easier words ;)
Thank you 8)
-
Technical
We both have a post at exactly the same time. Answering the same question. That can get confusing. ???
-
Bob,
Do we need to trace attacks? Is it just curiosity or is there something we can do after the trace? (I have not yet had an attack.) :)
-
Sojourner,
Only if you're curious. I just use it for info.
-
*
Sojourner - You most likely have had attacks. You just don't know it because ZA has not told you. That could be from the settings you have in the program.
As an example, about 3 years ago several students at UNC-CH tried quite a few times to get into my computer. Using ZA logs alone gave me no clue who was doing this. But, with VZ, I was able to track down where it was coming from ... right down to the physical longitude & latitude.
When I first contacted UNC-CH computer authorities, they said the ZA logs didn't give them enough info to track down who on the campus was doing this. With the physical information & logs given from VZ, the attacks stopped.
And, if you are often getting attacks from certain companies or individuals, you can report these to agencies that track and report the offending companies and/or individuals. But, please make sure these need to be reported before doing so. It may be better to first contact the source as I did in the above example.
*
-
Sojourner: Pull up the ZoneAlarm screen and go to Alerts and Logs>logviewer to see about attacks. Also see overview>main to see how many. I usually get a couple of hits every minute. The comp at work is up to 125,000 hits! And that just in a couple of months.
Gene...........
-
Description Packet sent from 192.168.254.1 (UDP Port 1030) to 192.168.254.254 (DNS) was blocked
Rating Medium
Date / Time 2004/08/23 08:25:46-5:00 GMT
Type Firewall
Protocol UDP
Program Generic Host Process for Win32 Services
Source IP 192.168.254.1:1030
Destination IP 192.168.254.254:53
Direction Outgoing
Action Taken Blocked
Count 2
Source DNS D925N441
Destination DNS
This is all I have; it looks like something I blocked that I shouldn't have? I looked at the last 50 entries. Do you know what this is?
-
Technical
We both have a post at exactly the same time. Answering the same question. That can get confusing. ???
I can't (you either) know that you were here, at that time, answering the same question... It's impossible for users to know who is answering a thread right now :-[
-
*
Sojourner - That Source IP is for IANA which means Internet Assigned Numbers Authority. This is not an attack (at least not a malicious one) and is no threat.
If you will notice, the Direction was Outgoing. The ones that you might be suspicious of are the Directions that are Incoming. But, even those are not all bad. Another thing to look at is the Rating. A rating of High would be one to make you suspicious.
And Gene is right in that you will probably get quite a few of these each minute ... even more if you are surfing much by jumping from web page to web page.
Do not worry ... you did nothing wrong. As long as you are not having trouble moving around on the internet you need not make any changes in ZA.
I hope this helps you. :)
*
-
Hi Charley,
Thank you for answering; :)
I have some questions ---
I did notice "Outgoing"; that is what made me think I had blocked something that looked like it needed to access the Internet, and the other information looked harmless, but why did it say the threat was "Moderate"?
If I have "Incoming" threats, where are they? I went back to more than 100, and they are all this same one I posted, no others. ???
-
*
Sojourner - I really don't know why they gave that a Moderate rating. If you have no "Incoming" listings, consider yourself very lucky! :)
*
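-
An added example, not written by any poster and not part of ZoneAlarm or VisualZone: it parses the alert detail posted earlier in the thread and tags it by address scope, direction and destination port. Both addresses in that entry fall in 192.168.0.0/16, which RFC 1918 reserves for private networks, so the entry records a DNS query that stayed on the local network and was blocked; the function and tag names are made up for this sketch.

```python
import ipaddress

# Field labels and the sample entry are taken from the post in the thread.
FIELDS = ["Description", "Rating", "Date / Time", "Type", "Protocol",
          "Program", "Source IP", "Destination IP", "Direction",
          "Action Taken", "Count", "Source DNS", "Destination DNS"]
SAMPLE = """\
Description Packet sent from 192.168.254.1 (UDP Port 1030) to 192.168.254.254 (DNS) was blocked
Rating Medium
Date / Time 2004/08/23 08:25:46-5:00 GMT
Type Firewall
Protocol UDP
Program Generic Host Process for Win32 Services
Source IP 192.168.254.1:1030
Destination IP 192.168.254.254:53
Direction Outgoing
Action Taken Blocked
Count 2
Source DNS D925N441
Destination DNS
"""

def parse_alert(text):
    """Turn 'Label value' lines into a dict; a label may have no value."""
    record = {}
    for line in map(str.strip, text.splitlines()):
        for name in FIELDS:
            if line == name or line.startswith(name + " "):
                record[name] = line[len(name):].strip()
                break
    return record

def endpoint(value):
    """'192.168.254.254:53' -> (IPv4Address('192.168.254.254'), 53)."""
    host, _, port = value.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def triage(record):
    """Return short tags (names invented here) describing the entry."""
    src, _ = endpoint(record["Source IP"])
    dst, dport = endpoint(record["Destination IP"])
    tags = []
    if src.is_private and dst.is_private:
        tags.append("local-network-only")  # RFC 1918 on both ends
    if record["Direction"] == "Outgoing" and dport == 53:
        tags.append("own-dns-lookup-" + record["Action Taken"].lower())
    if record["Direction"] == "Incoming" and not src.is_private:
        tags.append("inbound-from-internet")
    return tags
```

Calling `triage(parse_alert(SAMPLE))` returns `["local-network-only", "own-dns-lookup-blocked"]`: the machine's own name lookup to the local gateway was stopped, which is a rule to review rather than an intrusion attempt.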