My Firewall logs vs. the top 10
Results 1 to 5 of 5

Thread: My Firewall logs vs. the top 10

  1. #1
    Junior Member
    Join Date
    Feb 2004

    Question My Firewall logs vs. the top 10

    Ok, why is it that my logs are not even remotely close to the Top Ten Trends @
    the internet storm center? I understand that different regions will have varying
    probes, and certain ISP's may or may not be blocking certain ports.But why do I
    see all these assorted attacks in the Top Ten, but my logs look the same month
    after month.

    [gloworange]90% - Ports - 1026,1027,1028[/gloworange]

    [glowpurple]5% - Ports - 17300, 27374 [Kuang2, Sub][/glowpurple]

    5% - ICMP - 8/0

    Why can't I be attacked like normal kids?

  2. #2
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    perhaps they are being blocked elsewhere, or perhaps the firewall you are using is not set to log ( or block ) everything.

    You said in another post you are behind a SOHO firewall, and use Zone Alarm. Which is this list from ? And are these incoming or outgoing blocks ?

    ( Im guessing, but you use ICQ ? )
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  3. #3
    Junior Member
    Join Date
    Feb 2004

    Firewall logs

    Didn't mean to mislead anyone but as far as the internet side I am on AOL [yeah, I know, I know, AOL creates negative air pressure , when I get back to working I'll be back on cable]

    Anyway to answer your question, here is my situation - Aol dialup, these are Visual Zone logs from behind ZoleAlarm , firewall set to High, program logging set on high, event logging on ,
    event logs = show all alerts. VisualZone is set to include non-attacks, I'm pretty sure I'm in full geek mode as far as the logs. These are incoming blocks and I have never used ICQ.


  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    You are a totally unloved person? are not worth "pinging"

    Only joking! as you rightly observe, there are regional variations, variations with the ISP/subnet you are on, and so forth.

    I think another aspect is that these statistics are not "means" or averages. Where, +9 and -9 give a mean value of zero. You just might not be in the area where these values were generated.? Peaks get to the top of the poll?

    Also, I have never reported my stats to the Storm Center?..............bit like an opinion poll held on the highstreet at 3am ?...............only the guys with votes get to make the ratings?

    Just a few thoughts?


  5. #5
    Junior Member
    Join Date
    Feb 2004
    Thanks you two.... all is well then. And nihil, I just called my mother, she wants YOUR IP!
    Maybe somebody with some clout around here can start a poll in order to see what AO members are being hit with at home. nihil?

    The magnitude of a threat is inversely proportional to its frequency. - Courtney

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts