Re: firewalls - ZONEALARM - what to block and why - your security at risk
Hi MEB, and all,
I'm actually running a rather old version of ZA; v. 3.1.291. My philosophy
is *unlike* AV apps. etc., there just isn't much to improve IMHO. I don't
want or need any additional bells and whistles.
And you were close, I'm running XP Pro, but I keep perusing this group,
because this is where it all started for me. I still have my copy of W98SE,
but it's kind of a pain to install that *after* XP is already there. I was a
die-hard 98 fan, and swore I would *never* switch to XP, but the computer I
inherited already had it on it. I figured I'd give it a try, and if I
didn't like it, well, then back to good ol' 98. The way I have XP set up,
you'd almost think it was 98. I turned off *all* the cutesy eye-candy etc.,
mainly for performance reasons. Besides, I *hate* pastels! This box was
built for W98.
I have to admit that it is extremely stable, but then again so was my 98
install. It's the "junk" we add later that tends to muck things up.
Sorry I digressed.
--
HTH,
Curt
Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm
"MEB" <meb@not here@hotmail.com> wrote in message
news:%23VgmuJi0HHA.4476@TK2MSFTNGP06.phx.gbl...
|
|
| "Curt Christianson" <curtchristnsn@NOSPAM.Yahoo.com> wrote in message
| news:%23tJUffZ0HHA.1204@TK2MSFTNGP03.phx.gbl...
|| Some real food for thought gentlemen. Thank you.
||
|| P.S. I've been using ZA since 2000.
||
|| --
|| HTH,
|| Curt
||
|| Windows Support Center
|| www.aumha.org
|| Practically Nerded,...
|| http://dundats.mvps.org/Index.htm
|
| We aim to please...
|
| I also used ZA for a number of years on the various 9X boxes and XP. The
| rules aspect of other firewalls always drew me [having a Linux, Zenix, NT
| background] but I thought it wise to use what others might be using [for
| comparison purposes].
| Now however, with the use of highly questionable activities on the
| Internet, and my personal questions related to ZA, and no support from
| Microsoft and ZoneLabs, I thought I would return to something which gave
| considerably more control during my final testing days under 9X.
|
| I have an old ZA version [forgot which version though, and have no
| intention of re-installing it] about 1.4meg which actually seemed to supply
| MOST of the normal functions required, at least semi-adequately. Sometimes I
| thought the newer versions were attempting aspects which were not well
| implemented or implemented in a fashion I thought not user friendly. Of
| course there is an ability to setup *rules like* activities within ZA, but I
| would imagine most users do not do so.
|
| In the spirit of this discussion, which is to include any firewalls [and I
| hope it eventually does. Note this has ZONEALARM now in its subject
| heading]:
|
| What version and product are you or others using?
|
| Have you or others run monitoring/sniffing programs while using ZA to see
| if it actually performs as advertised?
|
| What settings or other seemed to be the most useful to you or other users?
|
| What advice would users give concerning settings, configuration, etc. to
| other users of ZA, [noting in Curt's case, I think you're using it under W2K,
| so does that offer anything different as far as you know]?
|
| Have you or other users created any similar rules within ZA to the below
| [referencing Kerio PFW rules]?
|
||
|| "MEB" <meb@not here@hotmail.com> wrote in message
|| news:eq0$HgY0HHA.6072@TK2MSFTNGP03.phx.gbl...
|| |
|| |
|| |
|| | "PCR" <pcrrcp@netzero.net> wrote in message
|| | news:OLN2TzV0HHA.1484@TK2MSFTNGP06.phx.gbl...
|| || MEB wrote:
|| || | PCR and Gram Pappy [among others] have been discussing firewall
|| || | settings and what they can or should be used for.
|| ||
|| || That's right. I installed...
|| ||
|| || http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW
|| ||
|| || ...Kerio Personal Firewall v2.1.5 about 4 years ago & several months
|| || later began a 17 year study of what to do with it. But I should have
|| || spoken up sooner!
|| ||
|| || | In the spirit of those discussions, I thought I would post some
|| || | blocked activity from a SINGLE session/contact through my ISP and
|| || | ONLY to this news server and my email accounts [via OE6]. This is
|| || | from the firewall log [several of my normal settings/restrictions
|| || | were specifically reset for this presentation].
|| ||
|| || Thanks for jumping in. So, you wanted to see what would happen just by
|| || connecting to the NET & using OE for mail & NG activity.
|| |
|| | Well, ah no, actually I wanted to let other users who may not have
|| | investigated or understand firewalls.
|| |
|| ||
|| || | No other Internet activity occurred [e.g., no external IE or browser
|| || | usage or other activity]. All *allowed activity* has been removed, so
|| || | that the addresses and activities blocked might be addressed for
|| || | perhaps a greater understanding of the function of firewalls, what
|| || | they can and are used for, and other aspects related thereto.
|| ||
|| || Really, it's important to see what was allowed too. Where I thought my
|| || Primary DNS Server rule would be used only by NetZero (they are NetZero
|| || addresses in there)... really a whole bunch of apps were using it! But
|| || that's in the other thread!
|| |
|| | DNS is used by any program requiring addressing information. The key is to
|| | limit to the EXACT DNS server(s) NOT within your system [unless for local
|| | network traffic] and the port [53] used by that (those) server(s) with
|| | limited [chosen by previous monitoring] local ports and applications.
|| |
|| | I will NOT post all my rules or what exactly I have configured locally
|| | [that would supply the exact way to circumvent my protection], however I
|| | will post this contact to retrieve the email/news messages [your posting],
|| | with a few more inclusions [again, slightly modified rules and rule
|| | logging]. This was ONLY to retrieve mail and the newsgroups on Microsoft.
|| | Nothing else occurred BUT the logon to the ISP.
|| |
|| | 2,[28/Jul/2007 17:22:18] Rule 'AOL UDP pass': Permitted: Out UDP,
|| | localhost:1030->XXX.XXX.XXX.X:7427, Owner: C:\PROGRAM FILES\AMERICA ONLINE
|| | 7.0\WAOL.EXE
|| | 1,[28/Jul/2007 17:22:18] Rule 'Other ICMP': Blocked: Out ICMP [10] Router
|| | Solicitation, localhost->224.0.0.2, Owner: Tcpip Kernel Driver
|| | 2,[28/Jul/2007 17:22:18] Rule 'AOL UDP pass': Permitted: In UDP,
|| | XXX.XXX.XXX.X:7427->localhost:1030, Owner: C:\PROGRAM FILES\AMERICA ONLINE
|| | 7.0\WAOL.EXE
|| | 1,[28/Jul/2007 17:22:22] Rule 'Other ICMP': Blocked: Out ICMP [10] Router
|| | Solicitation, localhost->ALL-ROUTERS.MCAST.NET [224.0.0.2], Owner: Tcpip
|| | Kernel Driver
|| | 1,[28/Jul/2007 17:22:24] Rule 'Other ICMP': Blocked: Out ICMP [10] Router
|| | Solicitation, localhost->ALL-ROUTERS.MCAST.NET [224.0.0.2], Owner: Tcpip
|| | Kernel Driver
|| | 1,[28/Jul/2007 17:23:58] Rule 'Incoming ICMP': Blocked: In ICMP [8] Echo
|| | Request, XXX.XXX.XX.XXX->localhost, Owner: Tcpip Kernel Driver
|| | 1,[28/Jul/2007 17:26:56] Rule 'Incoming ICMP': Blocked: In ICMP [8] Echo
|| | Request, XXX.XXX.XXX.XXX->localhost, Owner: Tcpip Kernel Driver
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1026, Owner: no owner
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1027, Owner: no owner
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1028, Owner: no owner
|| | 1,[28/Jul/2007 17:29:12] Rule 'TCP ack packet attack': Blocked: In TCP,
|| | 207.46.248.16:119->localhost:1072, Owner: no owner
|| | at which point I disconnected having retrieved mail and the news messages.
|| |
|| | NOTE specifically the *ALL_ROUTERS* from MCAST.NET, and the tcpip Kernel
|| | requests.
|| |
|| ||
|| || | For those who do not understand firewalls, these activities would or
|| || | may have been allowed as they followed either programs IN USE [allowed
|| || | activity], or through addressing [broadcast or otherwise] had a
|| || | firewall not been used.
|| ||
|| || That is right. Without a firewall with a good set of denial rules, all
|| || activity is allowed. Hopefully, if a virus or a trojan or a spy can
|| || sneak in that way, a good virus detector will prevent it from executing.
|| || Also, there may have been an MS fix or two to prevent some forms of
|| || abuse along these lines (I don't know).
|| |
|| | What would make you think any anti-spyware or anti-virus programs would
|| | check or correct these types of activities?
|| |
|| | Anti-spyware programs MAY block certain addresses and perhaps some ActiveX,
|| | or other. Anti-virus MIGHT catch scripting or attempts to infect something,
|| | or emails or files which contain hacks or other. Host or lmhost files catch
|| | what they have been configured to catch via addressing/name.
|| | These, however, are *network use* activities WITHIN the TCP/IP and other
|| | aspects of Internet/network usage. Firewalls, proxies, packet sniffers,
|| | client servers, the TCP/IP kernel, and the like, are what handle these
|| | activities.
|| | Of course the above is an overly simplified explanation.
|| |
|| ||
|| || | NOTE: this is contact through a dial-up connection[phone]/ISP [which
|| || | is indicated via some of these addresses], ALWAYS ON connections are
|| || | even more of a security risk.
|| ||
|| || Uhuh. I am Dial-Up too. That way, you get a new IP address each connect.
|| |
|| | Only if that is what the ISP requires or desires.
|| |
|| ||
|| || | Hopefully, this discussion will be useful to those interested and
|| || | provide theory and answers to various issues.
|| || | Rule sets or other settings for various firewalls would naturally be
|| || | of interest.
|| || |
|| || | 1,[28/Jul/2007 01:33:36] Rule 'Packet to unopened port received':
|| || | Blocked: In UDP, 67.170.2.174:43511->localhost:29081, Owner: no owner
|| ||
|| || I find I have to guess as to the meaning of that. Looks like someone at
|| || 67.170.2.174, who is Comcast...
|| ||
|| || http://www.networksolutions.com/whois/results.jsp?ip=67.170.2.174
|| || .....Quote...........
|| || 67.170.2.174
|| || Record Type: IP Address
|| ||
|| || Comcast Cable Communications, Inc. ATT-COMCAST (NET-67-160-0-0-1)
|| || 67.160.0.0 - 67.191.255.255
|| || Comcast Cable Communications, IP Services WASHINGTON-6
|| || (NET-67-170-0-0-1)
|| || 67.170.0.0 - 67.170.127.255
|| || .....EOQ.............
|| ||
|| || ...sent a UDP datagram to port 29081 on your machine. But I don't
|| || know...
|| ||
|| || (1) did the port exist without an owner, & would it have received
|| || the datagram (except the rule blocked it)?
|| || (The name of that rule suggests the answer is no.)
|| |
|| | The data request would have been received and likely honored.
|| | The port would have been opened/created to allow this activity.
|| |
|| ||
|| || (2) did the port once exist & at that time have an owner,
|| || but somehow was closed before the datagram arrived?
|| || Therefore, it couldn't get it, anyhow, even if not blocked?
|| |
|| | If it would have been ALLOWED activity [e.g., without proxy or firewall
|| | monitoring or exclusion, or within a hosts or lmhosts, or other], then a
|| | search would have been made for an available port, and then created/opened.
|| | Look again at this:
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1026, Owner: no owner
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1027, Owner: no owner
|| | 1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP,
|| | 24.64.192.20:17898->localhost:1028, Owner: no owner
|| |
|| | See the attempt to find or create an open port?
|| | Now, should I have stayed online, there would have been continued attempts
|| | [see your prior discussion where I was online longer], though with different
|| | Shaw addressing and OUT ports, again stepping through IN [local] ports in
|| | attempt to find or create one.
|| |
|| |
|| ||
|| || (3) did the port 29081 never exist?
|| ||
|| || Do any earlier log entries mention that port? You'd have to log all
|| || activity of each "permit" rule to know for sure. But, if there is no
|| || rule permitting the activity, then you would have received a Kerio
|| || requestor mentioning the port.
|| |
|| | No we don't need that.
|| | Were an ALLOWED program or address using that aspect, then it would NOT
|| | have created the denial. Either would have cascaded to find an open port for
|| | use [as long as it was in the defined rule range].
|| | AND you mention Kerio, which MUST have that turned on [requestor].
|| | Other firewalls, particularly those that automatically configure
|| | themselves, MAY not pop-up anything unless it has been configured that way.
|| | They also MAY pass through such requests if piggy-backed from or on allowed
|| | activities/programs. Think "but all I want to know is the user address".
|| | Think Microsoft's firewalls, imagine what they are configured by default to
|| | allow.
|| |
|| ||
|| || Here is a Kerio help page to study...
|| ||
|| || ......Quote............
|| || Filter.log file
|| ||
|| || The filter.log file is used for logging Kerio Personal Firewall actions
|| || on a local computer. It is created in a directory where Personal
|| || Firewall is installed (typically C:\Program Files\Kerio\Personal
|| || Firewall). It is created upon the first record.
|| ||
|| || Filter.log is a text file where each record is placed on a new line. It
|| || has the following format:
|| ||
|| || 1,[08/Jun/2001 16:52:09] Rule 'Internet Information Services': Blocked:
|| || In TCP, richard.kerio.cz [192.168.2.38:3772]->localhost:25, Owner:
|| || G:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
|| ||
|| || How to read this line:
|| ||
|| || 1 rule type (1 = denying, 2 = permitting)
|| ||
|| || [08/Jun/2001 16:52:09] date and time that the packet was detected (we
|| || recommend checking the correct setting of the system time on your
|| || computer)
|| ||
|| || Rule 'Internet Information Services' name of a rule that was applied
|| || (from the Description field)
|| ||
|| || Blocked: / Permitted: indicates whether the packet was blocked or
|| || permitted (corresponds with the number at the beginning of the line)
|| ||
|| || In / Out indicates an incoming or outgoing packet
|| ||
|| || IP / TCP / UDP / ICMP, etc. communication protocol (for which the rule
|| || was defined)
|| ||
|| || richard.kerio.com [192.168.2.38:3772] DNS name of the computer, from
|| || which the packet was sent, in square brackets is the IP address with the
|| || source port after a colon
|| ||
|| || localhost:25 destination IP address (or DNS name) and port (localhost =
|| || this computer)
|| ||
|| || Owner: name of the local application to which the packet is addressed
|| || (including its full path). If the application is a system service the
|| || name displayed is SYSTEM.
|| || .........EOQ.................
|| ||
|| || | 1,[28/Jul/2007 01:34:00] Rule 'Packet to unopened port received':
|| || | Blocked: In UDP, 200.112.1.7:8806->localhost:29081, Owner: no owner
|| ||
|| || That one seems to be coming from...
|| ||
|| || NetRange: 200.0.0.0 - 200.255.255.255
|| || NetName: LACNIC-200
|| |
|| | Yes, that is the key to your Firewall security.
|| | Tracking each suspect activity to the originator, if possible.
|| |
|| | Actually were I to post prior complete TRACKING logs [which I collect(ed)
|| | for specific use], say for one day's normal usage, vast numbers of
|| | potentially dangerous attacks/attempts would be shown.
|| | The Internet is a cesspool of users, unless you protect yourself from them.
|| | NO-ONE is completely invisible or invulnerable. There is always a starting
|| | [requesting/receiving] address [yours].
|| | If you were ACTUALLY invisible then nothing would reach you; you couldn't
|| | receive a web page; you couldn't receive email; you couldn't do any
|| | networking. Whatever is requested MUST have a destination [You]. [Okay, I
|| | know of ways but we're not educating hackers here.]
|| |
|| | FOR THE GENERAL DOUBTER [not you PCR]:
|| | Try it. Block all network and Internet traffic in your firewall. That
|| | closes all ports, hence no requesting/receiving address [yours]. It doesn't
|| | matter that you may have obtained an IP address or have one hard set, there
|| | is no way to use it {don't try this for long or you will lose access to the
|| | net on a phoneline}. [Or clear your IP, DHCP, and DNS entries {WINS if
|| | applicable}...] No ports or no address and there is no network.
|| | Now turn it on again [or re-connect] and do a TRACE [preferred] or ping to
|| | ANY web address. Notice the addresses? Notice the routing?
|| | NOW, exactly how did YOU receive that information? Certainly it wasn't
|| | broadcast to the world and you just happened to have ended up with it. Or
|| | was it?
|| | --
|| |
|| | Now what could a hacker, or someone wishing to track you for whatever
|| | reason, do with that information?
|| | All that is originally needed by that party is the requesting/receiving
|| | address; e.g. your address, your activity, something you did or allowed.
|| | Once this is known then anything that party wishes to do can be done. Now
|| | think about ALWAYS ON connections.
|| |
|| | For instance, you did go through Sponge's other pages [used because it was
|| | previously referenced] which address advertising and other innocent [cough]
|| | inclusions on web pages, or which you may find on the Internet, correct?
|| | Such as: http://www.geocities.com/yosponge/othrstuf.html
|| | Did you look at his host file, etc..
|| | Or perhaps look at ports, packets, formation, and other aspects over on:
|| | http://www.faqs.org/rfcs/ - Internet RFC/STD/FYI/BCP Archives
|| |
|| | 9X users?
|| | Older versions of NetInfo [NetInfo - Version 3.75 (Build 604)] provide some
|| | nice tools for network/Internet use/diagnostics.
|| | Local Info, Ping, Finger, Whois, Scanner, Services, Lookup, etc.. Be careful
|| | using it, many servers do NOT like to be scanned, you may be logged and your
|| | ISP or other agency may be contacted..
|| |
|| | Another nifty test tool is called *tooleaky*. A little 3k tool to test your
|| | supposed security [created to test/expose GRC suggestions]. Read about what
|| | it does and how. You might think twice about what you think you know.
|| |
|| | If you're using 2000 or above, might want to check these older tools:
|| |
|| | http://www.foundstone.com/us/resources-free-tools.asp - Division of McAfee
|| |
|| | Attacker 3.00
|| |
|| | http://www.foundstone.com/knowledge/proddesc/fport.html
|| | fport - find out what is using what port - 2000 - XP/NT
|| | Identify unknown open ports and their associated applications
|| | Copyright 2002 (c) by Foundstone, Inc.
|| | http://www.foundstone.com
|| | fport supports Windows NT4, Windows 2000 and Windows XP
|| | fport reports all open TCP/IP and UDP ports and maps them to the owning
|| | application. This is the same information you would see using the
|| | 'netstat -an' command, but it also maps those ports to running processes
|| | with the PID, process name and path. Fport can be used to quickly identify
|| | unknown open ports and their associated applications.
|| |
|| |
|| | Trout Version 2.0 (formerly SuboTronic)
|| | New in this release
|| | Parallel pinging, resulting in a huge speed improvement.
|| | Selectable background and text colors.
|| | Improved interface.
|| | Save trace to file.
|| | Improved HTML output.
|| | Optional continuous ping mode.
|| | Traceroute and Whois program.
|| | Copyright 2000 (c) by Foundstone, Inc.
|| | A visual (i.e. GUI as opposed to command-line) traceroute and Whois program.
|| | Pinging can be set at a controllable rate as can the frequency of repeatedly
|| | scanning the selected host. The built-in simple Whois lookup can be used to
|| | identify hosts discovered along the route to the destination computer.
|| | Parallel pinging and hostname lookup techniques make this traceroute program
|| | perhaps the fastest currently available.
|| |
|| |
|| | Of course SYSINTERNALS/WINTERNALS has some nice tools - look on Microsoft's
|| | TechNet
|| |
|| ||
|| || |
|| || |
|| || | --
|| || | MEB
|| || | http://peoplescounsel.orgfree.com
|| || | ________
|| ||
|| || --
|| || Thanks or Good Luck,
|| || There may be humor in this post, and,
|| || Naturally, you will not sue,
|| || Should things get worse after this,
|| || PCR
|| || pcrrcp@netzero.net
|| ||
|| ||
|| |
|| |
|| | --
|| | MEB
|| | http://peoplescounsel.orgfree.com
|| | ________
|| |
|| |
|| |
|| |
||
||
|
| --
| MEB
| http://peoplescounsel.orgfree.com
| ________
|
|
|
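
The filter.log record layout quoted from the Kerio help page, and the stepping through local ports that MEB points out in the 'Shaw Comm block' entries, can be checked mechanically when reviewing a log. The following is an added example, not code from any poster in this thread or from Kerio; the function names and the thresholds (three consecutive ports within five seconds) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Records copied from the log quoted in this thread, with the mail wraps joined.
SAMPLE_LOG = r"""
2,[28/Jul/2007 17:22:18] Rule 'AOL UDP pass': Permitted: Out UDP, localhost:1030->XXX.XXX.XXX.X:7427, Owner: C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
1,[28/Jul/2007 17:22:22] Rule 'Other ICMP': Blocked: Out ICMP [10] Router Solicitation, localhost->ALL-ROUTERS.MCAST.NET [224.0.0.2], Owner: Tcpip Kernel Driver
1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP, 24.64.192.20:17898->localhost:1026, Owner: no owner
1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP, 24.64.192.20:17898->localhost:1027, Owner: no owner
1,[28/Jul/2007 17:29:12] Rule 'Shaw Comm block': Blocked: In UDP, 24.64.192.20:17898->localhost:1028, Owner: no owner
1,[28/Jul/2007 17:29:12] Rule 'TCP ack packet attack': Blocked: In TCP, 207.46.248.16:119->localhost:1072, Owner: no owner
1,[28/Jul/2007 01:33:36] Rule 'Packet to unopened port received': Blocked: In UDP, 67.170.2.174:43511->localhost:29081, Owner: no owner
"""

RECORD = re.compile(
    r"^(?P<type>[12]),\[(?P<ts>[^\]]+)\] Rule '(?P<rule>.*?)': "
    r"(?P<action>Blocked|Permitted): (?P<dir>In|Out) (?P<proto>[A-Za-z0-9]+)"
    r"(?: \[(?P<icmp_type>\d+)\] (?P<icmp_name>[^,]*))?, "
    r"(?P<src>.+?)->(?P<dst>.+?), Owner: (?P<owner>.*)$"
)

def split_endpoint(text):
    """Return (host, port) from 'name [ip:port]', 'ip:port' or a bare host."""
    m = re.match(r"^\S+ \[([^\]]+)\]$", text)
    addr = m.group(1) if m else text
    host, sep, port = addr.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (addr, None)

def parse_line(line):
    """Parse one filter.log record into a dict, or return None if malformed."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    r = m.groupdict()
    # Per the help page, the leading number mirrors Blocked (1) / Permitted (2).
    if (r["type"] == "1") != (r["action"] == "Blocked"):
        return None
    r["time"] = datetime.strptime(r["ts"], "%d/%b/%Y %H:%M:%S")
    r["src_host"], r["src_port"] = split_endpoint(r["src"])
    r["dst_host"], r["dst_port"] = split_endpoint(r["dst"])
    return r

def parse_log(text):
    """Return (records, rejected_lines) for a whole log."""
    records, rejects = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        (records if rec else rejects).append(rec or line)
    return records, rejects

def port_sweeps(records, min_run=3, window_s=5):
    """Find sources whose blocked inbound packets walk consecutive local ports."""
    by_src = defaultdict(list)
    for r in records:
        if r["action"] == "Blocked" and r["dir"] == "In" and r["dst_port"] is not None:
            by_src[r["src_host"]].append(r)
    findings = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: (r["time"], r["dst_port"]))
        run = [recs[0]]
        for r in recs[1:] + [None]:  # None is a sentinel that flushes the last run
            if (r is not None
                    and r["dst_port"] == run[-1]["dst_port"] + 1
                    and (r["time"] - run[-1]["time"]).total_seconds() <= window_s):
                run.append(r)
                continue
            if len(run) >= min_run:
                findings.append((src, [x["dst_port"] for x in run]))
            run = [r]
    return findings

if __name__ == "__main__":
    records, rejects = parse_log(SAMPLE_LOG)
    print(len(records), "records parsed,", len(rejects), "rejected")
    print(port_sweeps(records))
```

Run against a full filter.log, the rejected list shows lines that do not fit the documented layout, which is worth reviewing before trusting any summary.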