Hey you all friends

I used MS Excel for filtering the ZA logfile until I found out there is Steve's own product for free: VisualZone, ok. A funny lil thing popped up right after I backtraced one single IP that ZA blocked. It appeared to be the grc.com IP. Attacked on port 137. Alright, but VisualZone is very good and I appreciate it much. There is still one thing in the background I don't get: why should I access FTP or HTTP on the intruder's PC?

Krusty a.k.a Ari
correcting myself is my middle name lol
Hi Ari

The 137 scan from grc.com is just part of going to the Shields Up pages of the site for testing, and it is normal to see it in your logs after going there. Not too sure what you mean here, could you clarify?

Regards
CrazyM
Hmm, I guess you are talking about the features described on this page (click on the "backtrace" link if your browser doesn't open to that section of the page): http://www.visualizesoftware.com/visualzone/visualzone.htm#backtrace

It gives you the option to attach to the webserver and FTP server ports of the system at the address that just tried to connect to you. I guess assuming that that will tell you something about the system at that address.

You know, I've never been comfortable doing that. My thought has always been that if I'm not happy that some system sent me an unsolicited packet, why would I do the same thing to them? Also, I'd really rather not draw their attention to me. My firewall handled the event (in ZA's case, it blocked any response), and that's all that needs to be done. I'll leave the back traces to the pros like myNetWatchman.
Agreed. Many inexperienced users intent on being stealth would use a feature like that without realizing they just provided their IP to the people that scanned them.

Regards
CrazyM
The VisualZone tool options exactly are: "Attempt FTP access to the intruders pc" and "Attempt HTTP access....". I agree with you, better not to do that anyway. Reporting them is the best and only way to handle these intruders, if they even might be intruders at all.

I noticed some hacking tools like "TFAK" are not available on wilders.org anymore. I also quit using it on the net (same with "Superscanner" and old "Ants"). They just might cause more inconvenience than help in any case. But trying those programs was an experience though, maybe to my shame, and I don't scan anyone's ports anymore either. So that FTP/HTTP access option seems kinda weird to me. I really don't recommend doing it.

Ari
Strongly agree with LowWaterMark.....and as a side note would suggest this thread as a good point for tightening security in the "local zone" for those using Internet Explorer......my own local zone is more restricted than the restricted zone......plus FTP can't connect.

Scanning done improperly can be dangerous.... There is also the issue of the resources used by these scanners......plus the disk space....

To the curious who just "must" find out who is scanning them......careful you don't get a few packets returned...you may not like the results. Once a connection is made between computers....although briefly....a lot can take place.

snowman