ZoneAlarm has a table where you can enter IPs or whatever other identifiers you want to block. :D
Stop using ZoneAlarm and BlackICE Defender, because both of them have software bugs. ZoneAlarm is a lousy firewall which is often prone to attack. It cannot block a DoS attack if someone starts to ping their system, forcing it to shut down or function abnormally. At least this firewall is still the best that I have tried over so many years of testing. Best of all, it's free, and I must tell you: do not install more than one firewall, or else the system will be very unstable and even more prone to attacks and pings. Get it here and follow the link: http://www.agnitum.com
I think others have already echoed this (though I honestly haven't read through every post in complete detail), but if you're going to complain about someone scanning you, you should at least post "sanitized" versions of the logs indicating the scan so people can help you decipher it.
In the case of UDP, there are plenty of really noisy/chatty pseudo-legitimate protocols out there (DNS, traceroute just to name two). Furthermore, BlackICE has been notorious for running in promiscuous mode and reporting scans/traffic destined for another host or address - without looking at the logfiles, there's no real way to tell what it's reporting and why...
You should look at the logs and make sure that the destination address is your machine (rather than it being the source, or not being included in the alert at all).
This machine, BTW, would seem like a supporting webserver for www.ddfplus.com.
(BTW, wacky_sung, all software/firewalls have bugs... I'd be suspicious of any firewall system that didn't "have bugs" - figuring it wasn't respected enough or utilized well enough to have anyone care about it enough to beat on it)
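The check described in the post above (is the destination address actually your machine, and is the UDP traffic just DNS or traceroute chatter?) can be scripted once the alerts are in CSV form. This is an added example, not part of any post in this thread: the column names and the sample rows are constructed, not BlackICE's real log format, and 33434-33534 is assumed as the conventional UDP traceroute port range.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export. The column names are hypothetical; map them to
# whatever your firewall's CSV log actually uses. Addresses are documentation ranges.
SAMPLE_CSV = """time,proto,src_ip,src_port,dst_ip,dst_port,event
2002-03-01 00:01:10,UDP,198.51.100.7,53,192.0.2.10,1045,UDP port probe
2002-03-01 00:01:12,UDP,203.0.113.44,4120,192.0.2.10,33435,UDP port probe
2002-03-01 00:01:15,TCP,203.0.113.44,4121,192.0.2.77,80,TCP port probe
2002-03-01 00:01:20,UDP,192.0.2.10,1045,198.51.100.7,53,UDP port probe
2002-03-01 00:01:31,TCP,203.0.113.44,4122,192.0.2.10,139,TCP port probe
2002-03-01 00:01:40,TCP,203.0.113.44,4123,,,TCP port probe
"""

def note_for(row):
    """Flag UDP traffic that is often benign chatter rather than a scan."""
    if row["proto"] != "UDP":
        return ""
    if row["src_port"] == "53":
        return "likely DNS reply"
    if row["dst_port"].isdigit() and 33434 <= int(row["dst_port"]) <= 33534:
        return "traceroute port range"
    return ""

def triage(csv_text, local_ips):
    """Bucket alerts by whether this host is the destination, the source, or neither."""
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    buckets = {"to_me": [], "from_me": [], "other_host": [], "no_destination": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["note"] = note_for(row)
        if not row["dst_ip"]:
            buckets["no_destination"].append(row)
        elif ipaddress.ip_address(row["dst_ip"]) in local:
            buckets["to_me"].append(row)
        elif ipaddress.ip_address(row["src_ip"]) in local:
            buckets["from_me"].append(row)
        else:
            buckets["other_host"].append(row)  # seen only because of promiscuous capture
    return buckets

def unexplained_sources(buckets):
    """Count alerts aimed at this host that have no benign explanation, per source."""
    return Counter(r["src_ip"] for r in buckets["to_me"] if not r["note"])

if __name__ == "__main__":
    result = triage(SAMPLE_CSV, ["192.0.2.10"])
    print({k: len(v) for k, v in result.items()}, unexplained_sources(result))
```

Only the rows left in `unexplained_sources` are worth sanitizing and posting; the `other_host` and `no_destination` buckets are the kind of report the post attributes to promiscuous-mode capture.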
Thanks for the help, but like I said earlier, the only log file I have of the attack is in some kind of format that I can't decode. It's in *.enc. So I don't know what software would do this; I will look it up later to find something. If ya want, I could just snap a screenshot of my BlackICE w/ the attacks in it to improvise? Also, this morning I saw that there was a total of more than 20200 scans, but I also have to say that I have pretty much everything sealed up tight on this box, so the security is pretty good (as good as it gets for Windows :)), so actually all of the scan attempts were blocked w/out the help of BlackICE.
Well, if you would take the time to have read the FAQ on the BlackICE site, you might have noticed that the *.enc files from BlackICE will be read... (drum roll please) ...by a sniffing or packet capturing device! Wow!!! (*sighs quietly*) :rolleyes:
So, basically, you can take those evidence files and hand them to any serious network security type and they can put it right in their sniffer (or a software equivalent thereof (like Ethereal or similar)) and look right at the actual packets.
Amazing how that works, I tell ya... (j/k) :D
I believe there is also a CSV file there, or something, that should give you a very similar set of output... think it's the overall logfile, though I forget what that's called (though I think it's smart enough to rotate it and trim off the top of the file so as to not fill up your hard drive).
It's been a long while since I've used BlackICE, myself... personally we sh*t-canned a corporate project involving them when we couldn't stop getting false reports (or even promiscuous reports) from it. To their credit, that was way back in the days when they were still mostly just getting off the ground...
it's just an advertisement, don't bother yourself...probably a ping looking for a potential user...
http://ddfplus.com/overview.asp
Ouroboros
A lil late there draziw, that day I *amazingly* found that out. See, I have this thing called school. I posted that, I think, about 12:00 am, then woke up at 6:00 am for another post, then got to school at 8:00 am and found that out. By the time I got home (3:00 pm) I figured it out and no one else had answered my post, so I just forgot about it. I was also a lil paranoid, being tired and all, but I figured everything out, so it's OK.
LOL... sorry 'bout that...
Good t'hear you figured it out. Though, if you could post sanitized versions of the logs, I'm sure many here would appreciate it and could be a good "learning process" to add to a tutorial somewhere.
LOL, it's cool, I will next time I have a problem like this.