LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Follow Up to Software for monitoring for internet attacks
From:	John Sproule <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Mon, 8 Jan 2001 11:56:56 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (54 lines)

I wanted to thank those who replied to my earlier post and add a few more
comments.

I already have been using ZoneAlarm to monitor activity coming in to my
computer, though not very consistently.  I have found it interesting to run
it on a computer temporarily placed outside of the my router's concealment
in order to get a better idea of how often computers are being scanned these
days and for what open ports.  Running it on a computer behind the router
provides some confirmation that things are not getting through the router
that shouldn't (ie, no ports scans should be detected). Since it basically
doesn't see anything with the router in place, I've not made much regular
use of it.  Perhaps keeping it running would help against what I am assuming
are some sort of flooding attacks, which I mentioned in my previous post.
The main reason to continue to run ZoneAlarm with a router seems to be its
monitoring of out going traffic, since this adds a degree of protection
against a trojan that might have slipped through my virus scanner and  have
the ability to try to connect with the outside world.

I have not tried out BlackIce Defender that some suggested.  I'm not sure
that it offers much more than the freeware ZoneAlarm, and I couldn't find a
demo available of it at this time.

WinDump was new for me, and it does work with Win98 (probably all versions
of windows).  It displays the headers of all traffic passing through the
network interface card that it is bound to.  This will provide much more
information than a novice will be able to make sense of, but for the
curious, like myself, it will encourage you learn a little bit more about
the different protocols and kinds of traffic that pass through your computer
when it is connected to a network.  You can certainly pick out what
connections are being made to who and what ports these are using.

Dave Gillett had suggested running it on a second computer, keeping both
behind my router's concealment.  Since my router has a built in switch, I
found that not much could be picked up this way.  In other words, I couldn't
eavesdrop on the traffic between my router and my other computer.  Since
this was what I was curious about, I ended up hooking both computers up to a
hub and then uplinking the hub to my router.  This way all the information
going between the computer connecting to the internet and the router would
pass by the other computer's network card, where it could be intercepted.
You can either just watch all the information scroll by on the monitor or
redirect it to a file for browsing later (perhaps you can do both, but I
couldn't figure out how).  This is a very powerful utility in terms of the
amount of information it can provide and obviously intended for those who
understand how network protocols work, but  I think that someone who likes
to poke around with computers may find it interesting as well.

Thanks again for the replies.

John

                  Visit our website regularly for FAQs,
               articles, how-to's, tech tips and much more
                  http://nospin.com - http://nospin.org

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG