I'm getting all these pings =( help a newbie

I'm getting all these pings and they are filling up my ZAP logs... Is there anyway to stop logging just those? I don't want to stop all logging, just all these pings??

it sucks i get an alert in my log every second its insaine

 

Hi Blaze

Which version of ZA are you using?
I believe the latest Pro and Plus versions allow for expert rules where you may be able to create a block rule with no logging.

Regards,

CrazyM

 

Correct, it's the Welchia, Blaster-D or Nachi worm (it's the worm tries to repair the Blaster infection and in doing so floods the networks with pings). My Snort ids identifies these connection requests as CyberKit 2.2 Windows attacks.

 

thank you LowWaterMark that worked like a charm

thx guys for your input as well

this wll help alot of newbies wondering if there being hack because of the hundreds of alerts from this nasty worm attack

so if your a newbie and have zone alarm pro

you need to do the albove otherwise you will think your being hack every second of the day when its just a worm going around attacking everything in sight

 

And I'm running ZA free. Don't have no fancy settings. So I just muted the hits!!!! Log em in and send them to dShield once a day. (Wonder if that does any good!!??)

I envy you 'high cotton' dudes with all them fancy settings. I guess ima gettin my moneys worth though!!!!

 

Thanks LWM for the easy clear instructions. I saw your comments to the DSLR thread and came here to get the scoop. Thanks again, the dang pings have been driving me nuts. I will delete my ZoneLog Analyzer database {currently saturated with ten to fifteen thousand records, mostly pings} and start fresh after creating this rule. Warmly, Ran

 

Thanks a lot LowWaterMark.

I recently upgraded to ZAP 4.0 after having used ZAF for the last couple of years, and your instructions were just what I was looking for to stop logging all those those Pings.

Keep up the great work,
Regards, Bill

 

yup thx lowawater great stuffs

 

Hmm...... do i dare ask how to write a rule for the same issue when using SPF Pro

 

Hi Rainwalker

Could you create a similar rule in the Advanced Rules of Sygate?

Regards,

CrazyM

 

Correct me if I'm wrong.

http://home01.wxs.nl/~kleyn080/Image1SPF.gif

http://home01.wxs.nl/~kleyn080/Image2SPF.gif

Regards,

Pieter

 

Hi Pieter

Thanks for the screenshots from Sygate.
For your ICMP echo request example, should the direction not be just for inbound? That particular rule would likely not allow you to ping others - depending on your other Advanced rules and their priority.

Regards,

CrazyM

 

Hi CrazyM,

You can count on me to make errors like that.
Yes, it does. If you want it to block only incoming, you can choose "Incoming" on the "Ports and Protocols" tab under "Traffic Direction"
I guess this way nobody would ever find out if I was infected with that worm?

Regards,

Pieter

 

Peter Crazy M
Thank you Thank you

 

Opps.....I applied the SPF rule and nothing changed. Still in ping city. By the way for awhile now whenever i drag n drop a smiley to this post and others i always get two instead of just the one.......browser issue

 

Hi Rainwalker,

You didn't put a checkmark in the "Record this traffic in Packet Log" ?
And can you check in the Traffic Log if the pings are being blocked by this rule and not by any other rule higher in the hierarchy.

Regards,

Pieter

 

Thanks Pieter........ Rule is on top... box unchecked... my mistake ....i was thinking about the Traffic Log and hoping to stop recording there..Packet block is working.......anyway to stop logging of icmp pings in Traffic Log?

 

I don't think so.

Traffic Log

Simply put, this log logs all inbound and outbound traffic in detail that comes through your system/network.

Quote from:
http://bellsouthpwp.net/i/k/ikpe/SygateBasicsPt2.html#Logs
Emphasis on "all" by me.

But I'm not 100% sure about this.
You could try the mail-link at the bottom of that site and see if King knows of a way to do what you want.
Or try at the Sygate forums.

Regards,

Pieter

 

OK... again Pieter thank you for your time and assistance.

 

Excuse me but that is the cutest avatar I have ever seen!

Now, I just have ZA regular. I have been getting all kinds of pings also...for weeks.

I have Norton Anti Virus, Boclean and I was thinking about getting Norton Firewall or perhaps their whole security package.

Does anyone have an opinion about Firewalls?

 

Hi museheart

If that combo along with ZA works for you, no need to change unless you were wanting to try NPF/NIS specifically.

That's a pretty broad question for this forum . Anything in particular you were after? (perhaps in a post of it's own to keep this one from going off topic)

Regards,

CrazyM

 

Actually, I am not that crazy about Norton or ZA.

 

bump llook like some new newbies need help there should be a sticky on this