lots of this stuff is techie-speak, but it'll give you a starting point. there are lots of good references on the net if you really care about this stuff <G>. the important thing is not to get crazy about your alerts; zone alarm STOPPED the hits, so don't worry!

identifying log entries:

* fwin - the firewall blocked an inbound packet of data coming to your computer. some, but not all, of these packets are connection attempts.
* fwout - the firewall blocked an outbound packet of data from leaving your computer.
* fwroute - the firewall blocked a packet that was not addressed to or from your computer, but was routed through it.
* fwloop - the firewall blocked a packet addressed to the loopback adapter (127.0.0.1)
* lock - the firewall blocked a packet due to a lock violation
* pe - an application on your computer requested access to the internet.
* access - an application was blocked because it did not have access permission
* ms - mailsafe quarantined a file attachment

identifying tcp flags:

* s (syn) only set in the first packet initiating a tcp connection. it represents an attempt to make a connection rather than a response to an existing connection.
* f (fin) represents an attempt to terminate a connection.
* r (reset)
* p (push)
* a (ack)
* u (urgent)
* 4 (low-order unused bit)
* 8 (high-order unused bit)

also see the firewall forensics FAQ for much more detail.
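an added example (not from the original page or from zonelabs) that decodes log lines with the two lists above and picks out which blocked inbound packets were actual connection attempts. the comma-separated line layout, the `TCP (flags:...)` notation and the sample lines are assumptions constructed for the example; the page itself does not show a log line.

```python
import re

# entry types and tcp flag letters exactly as listed above
ENTRY_TYPES = {
    "FWIN": "blocked inbound packet",
    "FWOUT": "blocked outbound packet",
    "FWROUTE": "blocked routed packet",
    "FWLOOP": "blocked loopback packet",
    "LOCK": "blocked by lock violation",
    "PE": "application requested internet access",
    "ACCESS": "application blocked, no access permission",
    "MS": "mailsafe quarantined an attachment",
}
TCP_FLAGS = {"S": "syn", "F": "fin", "R": "reset", "P": "push", "A": "ack",
             "U": "urgent", "4": "low-order unused", "8": "high-order unused"}
FLAGS_RE = re.compile(r"TCP \(flags:([A-Z0-9]+)\)")  # assumed flag notation

# constructed sample lines (documentation-range addresses, assumed layout:
# type,date,time,source,destination,protocol)
SAMPLE = """\
FWIN,2003/01/10,09:15:02 -5:00 GMT,203.0.113.7:4021,192.0.2.10:139,TCP (flags:S)
FWIN,2003/01/10,09:15:40 -5:00 GMT,198.51.100.3:80,192.0.2.10:1209,TCP (flags:AR)
FWIN,2003/01/10,09:16:11 -5:00 GMT,203.0.113.9:53,192.0.2.10:1050,UDP
FWOUT,2003/01/10,09:17:30 -5:00 GMT,192.0.2.10:1212,198.51.100.8:80,TCP (flags:S)
"""

def classify(line):
    """decode one log line; returns None if the entry type is not recognised."""
    kind = line.split(",", 1)[0].strip().upper()
    if kind not in ENTRY_TYPES:
        return None
    entry = {"type": kind, "meaning": ENTRY_TYPES[kind],
             "flags": [], "connection_attempt": False}
    match = FLAGS_RE.search(line)
    if match:
        letters = match.group(1)
        entry["flags"] = [TCP_FLAGS.get(c, "unknown") for c in letters]
        # syn without ack is a new inbound connection attempt; syn together
        # with ack is a reply to a connection, so it is not counted here
        entry["connection_attempt"] = (
            kind == "FWIN" and "S" in letters and "A" not in letters)
    return entry

def summarize(log_text):
    """classify every recognised line in a block of log text."""
    results = (classify(l) for l in log_text.splitlines() if l.strip())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for e in summarize(SAMPLE):
        note = " <- connection attempt" if e["connection_attempt"] else ""
        print(e["type"], e["meaning"], e["flags"], note)
```

of the three fwin lines in the sample, only the first is a connection attempt; the second is a stray ack/reset and the third is not tcp at all.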
"thanx bob h. & fred langa who got me started, & marcus of zonelabs for help above & beyond." |