Avast WEBforum

Other => General Topics => Topic started by: bob3160 on August 18, 2004, 02:37:25 PM

Title: If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 18, 2004, 02:37:25 PM
If you use ZoneAlarm (Free or Pro.)and have ever wanted to trace attacks shown in the log, you need THIS (http://visualize.phenominet.com/visualzone/visualzone.htm)
Very Interesting and it's FREE. ::) ::) ::)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: trigger on August 18, 2004, 03:10:46 PM
Cool!

Peter
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Eddy on August 18, 2004, 03:26:34 PM
I mostly use THIS SITE (http://www.dnsstuff.com) to trace, query and such.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 18, 2004, 03:53:49 PM
Eddy the big difference is this one is directly integrated with ZA.
They also make a version for BlackIce.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Gene Johnson on August 18, 2004, 04:09:23 PM
Bob: It looks interesting. Loads fine. Appears to be useful and easy to use. Thanks.  ;)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: SKYCOMP on August 20, 2004, 03:48:54 AM
I'm surprised at you bob3160 that you didn't also offer this.....

http://zonelog.co.uk/ (http://zonelog.co.uk/)

 8)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Lisandro on August 20, 2004, 03:59:56 AM
Well, SKYCOMP, Zonelog is not a freeware as VisualZone :-\
Worse, as I can see by the webpage, the features are the same (even the submition to DShild.org.  :'(
Title: Re:If You Use ZONE ALARM you NEED This
Post by: CharleyO on August 20, 2004, 05:41:53 AM
*

I wish I had thought to mention VisualZone as Bob did. I've used that for about 3 years now. It's a great free program!    :)  

Hmmm ... did someone redesign VZ's interface to be Zonelog?    ???  

*

Title: Re:If You Use ZONE ALARM you NEED This
Post by: lee20 on August 20, 2004, 12:42:02 PM
Does anyone know of one for sygate?

--lee
Title: Re:If You Use ZONE ALARM you NEED This
Post by: SKYCOMP on August 22, 2004, 01:01:07 AM
Quote
Does anyone know of one for sygate?

Likewise here, will there ever be one for Kerio also.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Hammer on August 22, 2004, 08:05:13 PM
I'm presuming it should work with the Security Suite edition?
Title: Re:If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 23, 2004, 06:25:45 AM
 Hi Hammer,
Quote
I'm presuming it should work with the Security Suite edition?
It's still ZA just with siome extras and it still produces a log for the firewall portion of the program. And that's what this program analyzes.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: grumpy on August 25, 2004, 09:49:43 PM
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Lisandro on August 25, 2004, 10:14:43 PM
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.

Menu Arquive (or File) > Set the default folder for ZoneAlarm logs (generally, C:\Windows\Internet Logs\*.txt, see into ZA settings for logs).
I don't remember more if I'm correct... I stoped using ZA free intead of Outpost free  ;)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 26, 2004, 04:00:16 AM
I'm downloading VisualZone now. How do you get it to scan the ZA logs, or even just launch VZ? 8)
PS I'm on Win 98SE.
You lost me? Howdo you launch any program? Double click it and it automatically imports the ZA Log file and then analyzes it.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Lisandro on August 27, 2004, 04:06:58 AM
Bob, again, you said the same of me with easier words  ;)
Thank you  8)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 27, 2004, 03:54:25 PM
Technical
We both have a post at exactly the same time. Answering the same question. That can get confusing. ???
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Sojourner on August 27, 2004, 05:01:48 PM
Bob,
Do we need to trace attacks? Is it just curiosity or is there something we can do after the trace? (I have not yet had an attack.)  :)
Title: Re:If You Use ZONE ALARM you NEED This
Post by: bob3160 on August 27, 2004, 05:33:48 PM
Sojourner,
Only if your curious. I just use it for info.
Title: Re:If You Use ZONE ALARM you NEED This
Post by: CharleyO on August 27, 2004, 09:11:45 PM
*

Sojourner - You most likely have had attacks. You just don't know it because ZA has not told you. That could be from the settings you have in the program.

As an example, about 3 years ago several students at UNC-CH tried quite a few times to get into my computer. Using ZA logs alone gave me no clue who was doing this. But, with VZ, I was able to track down where it was coming from ... right down to the physical longitude & latitude.

When I first contacted UNC-CH computer authorities, they said the ZA logs didn't give them enough info to track down who on the campus was doing this. With the physical information & logs given from VZ, the attacks stopped.

And, if you are often getting attacks from certain companies or individuals, you can report these to agencies that track and report the offending companies and/or individuals. But, please make sure these need to be reported before doing so. It may be better to first contact the source as I did in the above example.

*
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Gene Johnson on August 27, 2004, 11:32:30 PM
Sojourner: Pull up the ZoneAlarm screen and go to Alerts and Logs>logviewer to see about attacks. Also see overview>main to see how many. I usually get a couple of hits every minute.  The comp at work is up to 125,000 hits! And that just in a couple of months.

Gene...........
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Sojourner on August 28, 2004, 12:52:59 AM
Description      Packet sent from 192.168.254.1 (UDP Port 1030) to 192.168.254.254 (DNS) was blocked

Rating           Medium

Date / Time      2004/08/23 08:25:46-5:00 GMT

Type             Firewall

Protocol         UDP

Program          Generic Host Process for Win32 Services

Source IP        192.168.254.1:1030

Destination IP   192.168.254.254:53

Direction        Outgoing

Action Taken     Blocked

Count            2

Source DNS       D925N441

Destination DNS  
This is all I have; it looks like something I blocked that I shouldn't have? I looked at the last 50 entries. Do you know what this is?
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Lisandro on August 28, 2004, 02:53:57 AM
Technical
We both have a post at exactly the same time. Answering the same question. That can get confusing. ???

I can't (you either) know that you were here, at that time, answering the same question... It's impossible to the users know who is answering a thread right now  :-[
Title: Re:If You Use ZONE ALARM you NEED This
Post by: CharleyO on August 28, 2004, 09:53:42 AM
*

Sojourner - That Source IP is for IANA which means Internet Assigned Numbers Authority. This is not an attack (at least not a malicious one) and is no threat.

If you will notice, the Direction was Outgoing. The ones that you might be suspicious of are the Directions that are Incoming. But, even those are not all bad. Another thing to look at is the Rating. A rating of High would be one to make you suspicious.

And Gene is right in that you will probably get quite a few of these each minute ... even more if you are surfing much by jumping from web page to web page.

Do not worry ... you did nothing wrong. As long as you are not having trouble moving around on the internet you need not make any changes in ZA.

I hope this helps you.    :)

*
Title: Re:If You Use ZONE ALARM you NEED This
Post by: Sojourner on August 28, 2004, 04:42:31 PM
Hi Charley,
Thank you for answering;   :)
I have some questions ---
I did notice "Outgoing"; that is what made me think I had blocked something that looked like it needed to access the Internet, and the other information looked harmless, but why did it say the threat was "Moderate"?

If I have "Incoming" threats, where are they?. I went back to more than 100, and they are all this same one I posted, no others.  ???
Title: Re:If You Use ZONE ALARM you NEED This
Post by: CharleyO on August 31, 2004, 10:44:36 AM
*

Sojourner - I really don't know why they gave that a Moderate rating. If you have no "Incoming" listings, concider yourself very lucky!    :)  

*