BlackIce defender.... lidt for sikker?

Smider lige her lidt af det den har fanget:

Time, Event, Intruder, Count
12-02-2002 00:13:26, UDP port probe, 213.237.174.100, 1
12-02-2002 00:26:13, UDP port probe, pc-157-103.skjoldhoej.dk, 2
12-02-2002 01:20:59, UDP port probe, 213.237.174.100, 4
12-02-2002 01:30:06, UDP port probe, 213.237.174.100, 5
12-02-2002 01:31:42, UDP port probe, BALME-SERVER, 1
12-02-2002 01:55:10, UDP port probe, pc-157-103.skjoldhoej.dk, 3
12-02-2002 01:58:27, UDP port probe, 213.237.174.100, 4
12-02-2002 06:15:54, UDP port probe, 213.237.174.100, 26
12-02-2002 09:16:17, UDP port probe, 213.237.174.100, 10
13-02-2002 20:25:16, Telnet port probe, 202.109.249.77, 2
11-02-2002 18:02:31, TCP port probe, adsl-119-46.38-151.net24.it, 1
11-02-2002 23:06:04, TCP port probe, CPE00e0296dfa9a.cpe.net.cable.rogers.com, 2
12-02-2002 02:10:04, TCP port probe, ARH1976, 2
12-02-2002 16:43:56, TCP port probe, 65.116.73.99, 1
12-02-2002 20:04:45, TCP port probe, 211.91.135.55, 1
13-02-2002 17:43:07, TCP port probe, 62.110.117.66, 1
13-02-2002 17:53:22, TCP port probe, 62.4.72.197, 1
11-02-2002 02:39:46, SubSeven port probe, 12-225-219-8.client.attbi.com, 4
11-02-2002 04:52:32, SubSeven port probe, MOZZILLO, 3
11-02-2002 22:14:29, SubSeven port probe, COMP01, 3
12-02-2002 03:54:59, SubSeven port probe, p383-tnt5.syd.ihug.com.au, 3
12-02-2002 18:56:01, SubSeven port probe, 64, 3
12-02-2002 20:13:52, SubSeven port probe, kbl-zrz1709.zeelandnet.nl, 3
13-02-2002 17:31:46, SubSeven port probe, IBMBN124D1, 4
13-02-2002 08:00:08, SMTP attack, CC225398-A, 1
13-02-2002 11:06:02, SMTP attack, UP02, 1
13-02-2002 16:59:03, SMTP attack, groundzero.ordb.org, 2
11-02-2002 03:44:21, RPC TCP port probe, 213.155.37.162, 2
12-02-2002 22:36:28, RPC TCP port probe, 203.162.52.163, 1
13-02-2002 07:02:47, LPR port probe, SERVER, 2
11-02-2002 05:26:38, FTP port probe, adsl18.dyn202.pacific.net.sg, 3
11-02-2002 05:40:23, FTP port probe, tor.klippan.se, 1
12-02-2002 00:03:41, FTP port probe, 211.167.73.250, 1
12-02-2002 19:39:05, FTP port probe, 207.250.124.193, 1
12-02-2002 21:18:00, FTP port probe, fra-tgn-oyx-vty13.as.wcom.net, 1
13-02-2002 15:02:55, FTP port probe, as4-5-6.ars.s.bonet.se, 2

Det er PISSE irreterende...

Somewhere, Windows users were innocently turning on their PC's. Lacking any effective personal firewall security (we will see later that BlackICE Defender provides no protection), the Zombies running secretly and silently inside those machines were connecting to this IRC server. They maintained persistent connections for the duration of that PC's access to the Internet. The Zombie and its master don't care whether the machine is cable-connected, DSL, or dial-up — though higher-speed connections are always preferred, as are machines that tend to be "on" most of the time. After all, you just never know when you're going to need to go attack someone.


taget fra http://grc.com/dos/grcdos.htm

god læsning!

og med det menes der ?

det er muligt at blackice ikke beskytter, men det er fandme irreterende at den pr. default lukker webserveren ude...

Vælg Advanced Firewall settings i menuen Tools. Her kan du tilføje/fjerne/redigere FW regler på IP og port niveau !

F.eks. med port 80:

1) Klik på Add
2) Skriv et navn. F.eks web server
3) Sæt kryds i All Addresses
4) Fjern krydset i All Ports og skriv 80 i feltet ved siden af
5) Vælg TCP i dropdown menuen (lav en regel mere hvis det også skal gælde UDP!)
6) Sæt Mode til Accept og Duration of rule til Forever
7) Klik Add

Nu skulle folk gerne kunne komme ind på din Web server :)

Snowball

Smid blackice ud og hent ZoneAlarm fra www.zonelabs.com den er bedre.

Der er forresten også lige blevet opdaget et KÆMPE hul i blackice.

Disky: Det hul er længe rettet igen !

Snowball

takker ;) det hjalp big time...

Hojben>> Jeg kan se at du har nogle pings fra skjoldhoej.dk - har du nogen tilknytning til Skjoldhøjkollegiet??

fcs > overhovedet ikke..

aner ikke hvor det ligger..

havde ikke set dit indlæg før nu...