About "VisualZone"

Discussion in 'other firewalls' started by Krusty, Nov 3, 2002.

Thread Status:
Not open for further replies.
  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hey you all friends
    I used MS -Excel for filtering ZA logfile ´till I found out there is Steve´s own product for free; VisualZone, ok. Funny lil thing popped up right after I backtraced one single ip ZA blocked. It appeared to be grc.com ip. Attacked on port 137. :D
    Alright but VisualZone is a very good and I appreciate it much. There is still one thing on the background I don´t get it o_O why should I access FTP or HTTP to the intruders pc o_O

    Krusty a.k.a Ari
    :p correcting myself is my middle name lol
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Ari

    The 137 scan from grc.com is just part of going to the Shields Up pages of the site for testing and normal to see in your logs after going there.

    Not to sure what you mean here, could you clarify?

    Regards
    CrazyM
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,838
    Location:
    New England
    Hmm, I guess you are talking about the features described on this page (click on the "backtrace" link if your browser doesn't open to that section of the page):

    http://www.visualizesoftware.com/visualzone/visualzone.htm#backtrace

    It gives you the option to attach to the webserver and ftp server ports of the system at the address that just tried to connect to you. I guess assuming that that will tell you someting about the system at that address.

    You know, I've never been comfortable doing that. My thought has always been that if I'm not happy that some system sent me an unsolicited packet, why would I do the same thing to them? Also, I'd really rather not draw their attention to me. My firewall handled the event, in ZA's case, it blocked any response, and that's all that needs to be done. I'll leave the back traces to the pros like myNetWatchman.
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Agreed. Many inexperienced users intent on being stealth would use a feature like that without realizing they just provided their IP to the people that scanned them.

    Regards
    CrazyM
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    :)
    VisualZone tool option exactly is : "Attempt FTP access to the intruders pc". "Attempt HTTP access...." I agree with you, better not to do that anyway. Reporting them is the best and only way to handle these intruders if they even might be intruders at all.
    I noticed some hacking tools like "TFAK" is not available on wilders.org anymore. I also quitted using it on the net (same with "Superscanner" and old "Ants". They just might cause more inconvenience than helping in any case. But trying those programs was an experience though; maybe for ashame and I don´t scan anyones ports anymore either. So that FTP/HTTP access option seems kinda weird for me. I really don´t recommend to do it.

    Ari
     
  6. snowman

    snowman Guest

    Strongly agree with LowWaterMark.....an as a side note would suggest this thread as a good point for tightening security in the "local zone" for those using internet explore......my own local zone is more restricted than the restricted zone......plus ftp can't connect.
    scanning done improperly can be dangerous....

    There is also the issue of the resourses used by these scanners......plus the disk space....
    to the curious who just "must" find out who is scanning them......careful you don't get a few packets returned...you may not like the results. once a connection is made between computers....althought briefly....alot can take place.

    snowman
     
Loading...
Thread Status:
Not open for further replies.