Firewalls & What do you see ?
Results 1 to 5 of 5

Thread: Firewalls & What do you see ?

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    707

    Firewalls & What do you see ?

    Like most of us who are new to firewalls [ me ] and have only been using them for awhile. We always seem to have dumb looks on our faces when we look at our firewall logs and we see :

    [Zone Alarm Log File Example]
    [I.P. numbers were changed ...]

    FWIN,2003/11/21,02:17:54 -5:00 GMT,245.22.333.33:0,256.34.56.88:0,ICMP (type:8/subtype:0)
    FWIN,2003/11/21,02:21:36 -5:00 GMT,234.34.456.45:0,234.33.345.00:0,ICMP (type:8/subtype:0)
    FWIN,2003/11/21,02:23:06 -5:00 GMT,245.45.456.678:0,234.56.678.45:0,ICMP (type:8/subtype:0)
    FWIN,2003/11/21,02:24:12 -5:00 GMT,267.45.567.56:0,245.456.678.67:0,ICMP (type:8/subtype:0)
    PE,2003/11/21,02:30:16 -5:00 GMT,Outlook Express,167.345.678.45:53,N/A

    Have you ever wanted to know what all this numbers and funny looking names mean ... Well while doing some searching on the net I stumbled upon this webpage:

    http://www.robertgraham.com/pubs/firewall-seen.html


    "This document explains what you see in firewall logs, especially what port numbers means. You can use this information to help figure out what hackers/worms are up to.

    This document is intended for both security-experts maintaining corporate firewalls as well as home users of personal firewalls."
    Well I thought that I would share this info with you guys and I hope that it helps many of you to better understand all that cryptic info recorded by your firewalls. That a lot of us just dont quite fully understand.

    The Document Is Titled " FAQ: Firewall Forensics (What Am I Seeing)"

    Also on this website this is 3 other FAQ's and they are follows:

    IDS FAQ:http://www.robertgraham.com/pubs/net...detection.html

    "All about network intrusion detection systems, how to sniff intruder's traffic from the wire and figure out if the traffic is hostile."
    Sniffing FAQ:http://www.robertgraham.com/pubs/sniffing-faq.html

    "General information on how to sniff traffic from the wire, including a guide on how to interpret what the bits/bytes mean."
    Firewall Pr0n FAQ:http://www.robertgraham.com/pubs/firewall-pr0n.html

    "System administrators of all types, but especially firewall admins and IDS admins, see the trails of porn surfing. Mostly, is just more embarrassing for the parties involved.
    If any of you know of any other websites,documents etc .. please feel free to add the links so that we can all gain more understanding and knowledge."
    This is a list of sites that I think are worthwhile checking ... I would have posted more links but I know that some people would probably not like that hope that you find these links useful as I have.
    http://www.counterpane.com
    http://www.snort.org
    http://www.wilders.org
    http://www.blackhat.com
    http://www.linuxquestions.org
    http://www.packetstormsecurity.nl
    http://www.insecure.org
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    554
    Ok now that defiantly explained alott.
    Thanks Agent for the helpfull information.
    I learnt something knew on a subject that i already know a fair bit about.

    Thanks man

    creative

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Nice going man. I used to have a proggie that would read the .log file and display it in an understandable way. But it is nice to know how to do the decoding myself
    good work

  4. #4
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    very nice website, now i understand quiet a bi mote then i used to. Also AO uses["quote"] and ["/quote"](without the quotation marks) and not [/end quote] Tx for the website.

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I apologize for the quoting I forgot to fix it and Ms.M pointed it to me well I have fixed it. If I do find some more links/ files on the net that I hope will help newbies like me and others learn well I will post them and let you guys know.
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •