Posted: 6/9/2003 12:05:41 AM EDT
I kept having problems, you guys set me up with Ad Aware, Spybot & ZoneAlarm. They worked well.

I was looking thru them, updating & such and found the ZA alarm log.

Every 15 minutes or so I keep getting sent 'packets' from 12.231.192.157:XXXX (these 4 numbers keep changing: 1868, 3862, 3617, etc.). They were all blocked.

They are not the only ones sending them.

1) What is a packet?

2) Who is sending these and why?

3) Can I see who is sending these/how?

Thanks!!!

Link Posted: 6/9/2003 12:54:11 AM EDT
[#1]
Did you check the log viewer in Zone Alarm?

I use the free version. Just click the "Alerts & Logs" tab, select "Log Viewer" up in the right-hand corner, highlight an event in the list, and click "More Info" down at the bottom. That should bring you to the Zone Alarm web site and display a blurb related to the event you selected.

There is also a shareware program called ZoneLog, which you can get at zonelog.co.uk, that will import your Zone Alarm log file and give you detailed info regarding attempted intrusions (which may just be pings from your ISP).

BTW, a packet is a piece of data. When you send a message or a file over the Internet, the data is divided into little chunks called packets. Each packet contains the sender's IP address and the destination IP address in a special area of the packet called the header.

Overview here
www.ipanalyser.co.uk/
Link Posted: 6/9/2003 2:57:58 AM EDT
[#2]
I think that the numbers after the colon are port numbers. So, if you look at your logs from this site, it would look like (66.202.29.77:80). That is because port 80 is the HTTP (web pages) port. It looks like someone could be port scanning (trying to find an open port on an unsuspecting computer), if these are incoming. Are you sure that these are incoming and not outgoing? Is the IP address that you gave your IP address? That IP address is with attbi.com. You could always check with them.
Link Posted: 6/9/2003 8:21:39 AM EDT
[#3]
Yeah, that is incoming and not my IP address...

After I saw AT&T, it kinda rang like what matt said...'pings from my ISP'...


Link Posted: 6/9/2003 8:26:23 AM EDT
[#4]
A packet is a block of information.  ANYTHING you send or receive over a network is broken down into packets.  (Imagine the London Bridge.  They broke it down brick by brick, labeled them, shipped them to AZ, and reassembled.  That's what happens when you send or receive anything over a network)

The number after the colon is the port number. I'm not sure if that's the incoming port or the source port. Probably the incoming, meaning the packets were trying to address those ports.

A port is a virtual address that networked computers use. For instance, port 80 is for websites. When you request a website from a server, your request is routed to port 80, so that whatever program is acting as a web server gets the request.

You probably don't need to worry about it. Zone Alarm is blocking them, so whoever is sending them is wasting their time.

Link Posted: 6/9/2003 8:59:48 AM EDT
[#5]
Correct. The colon is a port #. If it is a specific port number each time, it probably means that something is trying to communicate with a specific service or piece of software set up to run on that dedicated port. If it's a bunch of different port numbers, then it is probably a hack tool like a port scanner trying to identify an unblocked or open port.

You can always dig a lot of information by doing a WHOIS or a TRACERT on the IP address.

Here's a convenient site that has a lot of tools listed on one page for lookup: http://www.samspade.org

If you put the IP address in the "Do Stuff" field, it will return a bunch of information about the registrant for that subnet.
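
An added example (not written by anyone in this thread, and not ZoneAlarm's or ZoneLog's own code) of the same-port versus many-ports check from reply #5, applied per source IP to blocked inbound entries. It assumes a comma-separated log layout of type, date, time, source ip:port, destination ip:port, protocol; the sample lines, their destination ports and the second source address are constructed, and `summarize_inbound` with its threshold of 4 is a hypothetical helper.

```python
import csv
from collections import defaultdict

# Constructed sample lines (not the original poster's log). Assumed layout:
# type,date,time,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2003/06/09,00:05:41 -4:00 GMT,12.231.192.157:1868,192.0.2.10:137,UDP
FWIN,2003/06/09,00:20:44 -4:00 GMT,12.231.192.157:3862,192.0.2.10:137,UDP
FWIN,2003/06/09,00:35:40 -4:00 GMT,12.231.192.157:3617,192.0.2.10:137,UDP
FWIN,2003/06/09,01:02:03 -4:00 GMT,198.51.100.7:40000,192.0.2.10:21,TCP
FWIN,2003/06/09,01:02:03 -4:00 GMT,198.51.100.7:40000,192.0.2.10:23,TCP
FWIN,2003/06/09,01:02:04 -4:00 GMT,198.51.100.7:40000,192.0.2.10:80,TCP
FWIN,2003/06/09,01:02:04 -4:00 GMT,198.51.100.7:40000,192.0.2.10:445,TCP
FWOUT,2003/06/09,01:05:00 -4:00 GMT,192.0.2.10:1040,66.202.29.77:80,TCP
not a log line
"""

def split_endpoint(text):
    """Split 'ip:port' into (ip, port); port is None when absent or non-numeric."""
    ip, sep, port = text.partition(":")
    return ip, int(port) if sep and port.isdigit() else None

def summarize_inbound(log_text, scan_threshold=4):
    """Group blocked inbound entries by source IP and label each source."""
    src_ports, dst_ports = defaultdict(set), defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 6 or row[0] != "FWIN":
            continue  # skip outbound entries and malformed lines
        src_ip, sport = split_endpoint(row[3])
        _, dport = split_endpoint(row[4])
        src_ports[src_ip].add(sport)
        dst_ports[src_ip].add(dport)
    report = {}
    for ip, dports in dst_ports.items():
        dports.discard(None)
        scan = len(dports) >= scan_threshold  # many different local ports tried
        report[ip] = {
            "dst_ports": sorted(dports),
            "src_port_count": len(src_ports[ip] - {None}),
            "verdict": "possible port scan" if scan else "same service each time",
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize_inbound(SAMPLE_LOG).items():
        print(ip, info)
```

In this layout the number attached to the remote address is the sender's own port, which normally changes from one connection to the next, so the check counts distinct destination ports instead.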
Link Posted: 6/9/2003 9:52:28 AM EDT
[#6]
The zonelog links to whois, but the best part is, these guys are computer gurus like you guys. The 'normal' incoming hits are all traceable, the 'trojan' incoming ones are not traceable. Whois is inaccessible.

This computer stuff is way much from my days of Fortran and mainframes.
Link Posted: 6/9/2003 10:01:00 AM EDT
[#7]
Oh stop. I still code in Microfocus Cobol on an F-50 running AIX. [:D]
Link Posted: 6/9/2003 10:12:00 AM EDT
[#8]