firewall logs
- damonik
- senior
- Posts: 207
- Joined: Sun Jul 06, 2003 1:00 pm
- Location: space, the final frontier
- Contact:
firewall logs
salutare. am si eu o mare problema. in dimineata asta m-a anuntat firewall-ul pt a 4 oara in 2 luni ca am fost "atacat" -calcul nu eu personal .tipul de firewall:Sygate Personal Firewall Pro. datele furnizate de security log -vezi fisierul de mai jos.
ma poate lamuri si pe mine careva despre ce e vorba pls? si eventual ce pot face sa le opresc? mersi anticipat.
ma poate lamuri si pe mine careva despre ce e vorba pls? si eventual ce pot face sa le opresc? mersi anticipat.
You do not have the required permissions to view the files attached to this post.
- eugen
- Site Admin
- Posts: 687
- Joined: Sat Jul 05, 2003 10:42 pm
- Contact:
asta e log-ul tau: o sa-l iau pe bucati.
Time:08/31/2003 02:02:08
Security tipe: Mac Spoofing
Severity: minor
Direction: incoming
Protocol: unknown
Remote host: 10.128.0.1
Local IP: 10.4.5.50
Application name:
Count :1
Begin time: 08/31/2003 02:02:05
End time: 08/31/2003 02:02:05
- remote host: 10.128.0.1 - asta e serverul nostru, gateway-ul tau;
Description:
Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
daca vrei amanunte despre ce e ala ARP, sau ce e spoofing-ul, etc - ai net non-stop la dispozitie, documentatie cata vrei. in schimb citeste ce scrie acolo, in log - MINOR EVENT, it MAY do harm to your computer (in anumite situatii si scopuri in care e facut, ar fi trebuit sa precizeze cei de la sygate, special pt userii nelinistiti). chiar si asa, sygate firewall precizeaza cand e vorba de un "atac", in security log..
Detail information on 10.128.0.1:
........
NetRange: 10.0.0.0 - 10.255.255.255
....etc, etc
n-are rost sa faci backtrace la ip-ul asta, este gateway-ul tau din LAN
una peste alta, n-a fost nici un atac, ci doar ceva asemanator cu un ping (sunt sigur ca stii ce e asta)
marea mea nedumerire este: de ce ar folosi cineva SYGATE FIREWALL daca n-are un basic de cunostinte de retele? si nici nu are intentia sa se apuce de citit, din varii motive (pentru ca nu are timp, nu-l intereseaza, etc). pentru ca e bun? o fi bun, dar daca nu poti citi log-ul asta, singurul lucru la care e bun e sa te dea in paranoia. daca vrei, incearca zone alarm, e mult mai prietenos ca setari si ca interfata. plus ca are niste optiuni de genul "cum va apreciati nivelul de cunostinte in networking", incepand de la dom'le is bata complet, pana la expert in devenire
acu, sa ma ierti daca poate par nitzel sarcastic, dar daca ai sti de cate ori am auzit chestia asta, ca am fost atacati, imi zice ceva acolo ca ma ataca, ce sa fac... eu zic ca ai doua alternative: ori te apuci si citesti documentatie ca sa intelegi ce se intampla, ori ignori mesajele alea si eventual pui zone-alarm. da' parerea mea e ca daca vrei sa faci ceva util pentru pc-ul tau, fa-i security update la windows si la antivirus frecvent.
bafta..
Time:08/31/2003 02:02:08
Security tipe: Mac Spoofing
Severity: minor
Direction: incoming
Protocol: unknown
Remote host: 10.128.0.1
Local IP: 10.4.5.50
Application name:
Count :1
Begin time: 08/31/2003 02:02:05
End time: 08/31/2003 02:02:05
- remote host: 10.128.0.1 - asta e serverul nostru, gateway-ul tau;
Description:
Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
daca vrei amanunte despre ce e ala ARP, sau ce e spoofing-ul, etc - ai net non-stop la dispozitie, documentatie cata vrei. in schimb citeste ce scrie acolo, in log - MINOR EVENT, it MAY do harm to your computer (in anumite situatii si scopuri in care e facut, ar fi trebuit sa precizeze cei de la sygate, special pt userii nelinistiti). chiar si asa, sygate firewall precizeaza cand e vorba de un "atac", in security log..
Detail information on 10.128.0.1:
........
NetRange: 10.0.0.0 - 10.255.255.255
....etc, etc
n-are rost sa faci backtrace la ip-ul asta, este gateway-ul tau din LAN
una peste alta, n-a fost nici un atac, ci doar ceva asemanator cu un ping (sunt sigur ca stii ce e asta)
marea mea nedumerire este: de ce ar folosi cineva SYGATE FIREWALL daca n-are un basic de cunostinte de retele? si nici nu are intentia sa se apuce de citit, din varii motive (pentru ca nu are timp, nu-l intereseaza, etc). pentru ca e bun? o fi bun, dar daca nu poti citi log-ul asta, singurul lucru la care e bun e sa te dea in paranoia. daca vrei, incearca zone alarm, e mult mai prietenos ca setari si ca interfata. plus ca are niste optiuni de genul "cum va apreciati nivelul de cunostinte in networking", incepand de la dom'le is bata complet, pana la expert in devenire
acu, sa ma ierti daca poate par nitzel sarcastic, dar daca ai sti de cate ori am auzit chestia asta, ca am fost atacati, imi zice ceva acolo ca ma ataca, ce sa fac... eu zic ca ai doua alternative: ori te apuci si citesti documentatie ca sa intelegi ce se intampla, ori ignori mesajele alea si eventual pui zone-alarm. da' parerea mea e ca daca vrei sa faci ceva util pentru pc-ul tau, fa-i security update la windows si la antivirus frecvent.
bafta..
- damonik
- senior
- Posts: 207
- Joined: Sun Jul 06, 2003 1:00 pm
- Location: space, the final frontier
- Contact:
ai dreptate ca sunt bata in materie de retele. deh, am dat la stoma nu la automatica&co .dar sunt de parere ca si informatiile trunchiate care imi ajung pe la ureche din varii surse imi vor fi utile intr-un fel sau altul vreodata. asa ca iti multumesc ca ti-ai "pierdut" vremea cu raspunsul la ""atacul" meu si sper ca si in viitor se va indura cineva sa ma mai lumineze si pe mine in materie de retele. macar un pic.
Ai avut sansa unica de a capata forma omeneasca. NU-TI PIERDE TIMPUL!
- damonik
- senior
- Posts: 207
- Joined: Sun Jul 06, 2003 1:00 pm
- Location: space, the final frontier
- Contact:
- eugen
- Site Admin
- Posts: 687
- Joined: Sat Jul 05, 2003 10:42 pm
- Contact:
nu prea se pot reduce, sa stii. nici eu n-am facut automatica, si nici cu timpul crede-ma ca nu stau prea bine, in sensul ca acum fix de retea ar trebui sa-mi arda. asa ca ti-am mai zis si sus, sa nu te superi daca nu-s cel mai in masura sa-ti explice unele si altele. sfatul meu a fost sa nu mai folosesti soft care cere cunostinte serioase de calculatoare, si sa incerci sa cauti intai pe net 2-3 informatii inainte sa declari ca ai fost atacata. un copy/paste din log-ul ala pe google, si aflai tot felul de lucruri noi. ne-ar fi si noua mai usor, si tie. multumesc pt intelegere..
- Madi
- elder
- Posts: 666
- Joined: Sun Jul 06, 2003 11:16 am
- Location: Tei
- Contact:
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
in legatura cu firewall-ul chiar e mai bine sa treci pe Zone Alarm. Versiunea free e foarte buna. Iti da niste informatii sumare si se ocupa el de ceea ce trebuie. Sygate e foarte detaliat si daca nu stii ce sa faci cu informatiile respective chiar nu se merita. Plus ca ultima versiune a avut niste probleme la mine (cand dadeam drumul la net imi bloca calculatorul, de am zis ca sunt atacat si nu s-a rezolvat decat cu o reinstalare in urma careia am bagat iar ZA in asteptarea unei versiuni mai noi de Sygate)
- eugen
- Site Admin
- Posts: 687
- Joined: Sat Jul 05, 2003 10:42 pm
- Contact:
scoate-i optiunea anti-MAC spoofing si-o sa mearga si sygate. asa am patit toti cu el, nu numai tu, e de la broadcast-ul masiv in retea, de cand cu worms astia care colcaie pe aici. sygate-le il vede ca fiind spoofing, si se apuca sa le blocheze pe toate, practic sta procesorul la 100%.. acum ca cei cu blaster din retea au fost obligati sa-si rezolve problema, lucrurile s-au mai linistit.
sygate e un fw destul de paranoic de felul lui, dar are avantajul ca stii tot ce misca pe firul ala. sau, aproape tot..
sygate e un fw destul de paranoic de felul lui, dar are avantajul ca stii tot ce misca pe firul ala. sau, aproape tot..
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
- damonik
- senior
- Posts: 207
- Joined: Sun Jul 06, 2003 1:00 pm
- Location: space, the final frontier
- Contact:
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
Beginners Guides: Firewalls and Internet Security
When you use the Internet there are dangers around every corner. Viruses, malicious users, Trojan horses, Oh my! If these are just concepts to you, you are either lucky or well protected (or just un-connected). If these names trigger painful flashbacks to when your computer (and possibly your account balance) was rendered inoperable or compromised by one of the above, then join the club.
Either way, securing your computer against threats from the Internet is an essential step. If you do not, you will, at some point, regret it. Guaranteed.
This article is intended to provide some basic guidelines for securing your computer, and to give the reader a better understanding of how some of these technologies work. It is intended primarily for users of high-speed Internet connections, but most of the article is applicable to dial-up Internet users also.
As far as the home or small business user is concerned, Internet security can be broken down into three areas; Anti-virus software, Firewall protection and Recommended practices/Common sense.
To deal with the last of these three first, an essential step in securing your computer or network is understanding what actions can compromise you. What you don't know will hurt you, especially in regards to email. Some good basic security steps for dealing with email:
Restul il gasiti aici: http://www.pcstats.com/articleview.cfm?articleID=1450
When you use the Internet there are dangers around every corner. Viruses, malicious users, Trojan horses, Oh my! If these are just concepts to you, you are either lucky or well protected (or just un-connected). If these names trigger painful flashbacks to when your computer (and possibly your account balance) was rendered inoperable or compromised by one of the above, then join the club.
Either way, securing your computer against threats from the Internet is an essential step. If you do not, you will, at some point, regret it. Guaranteed.
This article is intended to provide some basic guidelines for securing your computer, and to give the reader a better understanding of how some of these technologies work. It is intended primarily for users of high-speed Internet connections, but most of the article is applicable to dial-up Internet users also.
As far as the home or small business user is concerned, Internet security can be broken down into three areas; Anti-virus software, Firewall protection and Recommended practices/Common sense.
To deal with the last of these three first, an essential step in securing your computer or network is understanding what actions can compromise you. What you don't know will hurt you, especially in regards to email. Some good basic security steps for dealing with email:
Restul il gasiti aici: http://www.pcstats.com/articleview.cfm?articleID=1450
- tapirul
- elite
- Posts: 3194
- Joined: Sun Jul 06, 2003 5:57 am
- Contact:
- originaltup
- elder
- Posts: 1749
- Joined: Sun Jul 06, 2003 11:52 am
- Location: Ohio
- tapirul
- elite
- Posts: 3194
- Joined: Sun Jul 06, 2003 5:57 am
- Contact:
- tapirul
- elite
- Posts: 3194
- Joined: Sun Jul 06, 2003 5:57 am
- Contact:
- Pisica_den_Cheshire
- senior
- Posts: 316
- Joined: Sun Jul 06, 2003 11:13 pm
- Location: eternal pits of doom
- Contact:
- tapirul
- elite
- Posts: 3194
- Joined: Sun Jul 06, 2003 5:57 am
- Contact:
- Pisica_den_Cheshire
- senior
- Posts: 316
- Joined: Sun Jul 06, 2003 11:13 pm
- Location: eternal pits of doom
- Contact:
foarte straniu. cred ca era pagina firmei tatalui meu shi linkul ala english trebuia sa duca la varianta in engleza a paginii (logic). cat despre uratzenie, acuma ce vrei shi tu, e facuta in word shi nici eu nu shtiu kiar asha multe
Cats kick ass. Says so on the t-shirt.
This is my sig. Worship my sig.
This is my sig. Worship my sig.
Who is online
Users browsing this forum: No registered users and 6 guests