Thorazine
02-21-00, 09:34 PM
Just as a FYI....
Careful what you perceive as an "attack". Close to 80% of what BlackIce reports is merely informational (especially if you have the Paranoid setting enabled). TCP/UDP/ARP/RPC port probes can come from a host of sources. Some are: UDP port probe (most likely the game server you're playing on is ACK'ing your packets. This is good); TCP port probe might be the FTP server you just requested a file from. Maybe someone mistyped an address to log into PCAnywhere at their office. Crap like this will fill your logs, but it doesn't mean someone is attacking your machine.
Things to look out for are stuff like Sscan probes, BackOrifice pings and Trojan Horse probes, or the same address probing several different ports in a short period of time.
The reason I wrote this is because I see a lot of people posting they are "reporting" people for acts which may not be attacks on your machine. Remember "Tis better to be the fool with your mouth shut than open it and remove all doubt." I don't know who said it, or the exact wording, but you get the idea.
Secondly, now that I have your attention: I think I may have found a bug (minor one) that BlackIce has. If you change your network settings (i.e. IP, gateway, mask, workgroup), when Windows tries to reboot, BlackIce crashes. Can a couple of you verify this so I can post it to their site? You can work around it by closing BlackIce before you make the changes.
Oops, sorry Philip et al. This really should have been posted in the Computer/Security forum but more readers will be exposed to it here.
[This message has been edited by Thorazine (edited 02-21-2000).]
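Added example, not part of the original post: one way to separate the log noise described above from "the same address probing several different ports in a short period of time". The event tuples are constructed sample data, not BlackICE's own log format, and the function name and thresholds (`min_ports`, `window`) are assumptions for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, source IP, destination port).
# Not real firewall output; addresses come from documentation ranges.
SAMPLE_EVENTS = [
    (0,   "192.0.2.10",   21),     # one server touching one port: noise
    (5,   "198.51.100.7", 23),
    (6,   "198.51.100.7", 80),
    (8,   "198.51.100.7", 139),
    (9,   "198.51.100.7", 31337),
    (11,  "198.51.100.7", 12345),
    (40,  "192.0.2.10",   21),     # same server, same port again
    (300, "203.0.113.5",  5631),   # a single stray connection attempt
    (900, "203.0.113.5",  5632),   # same host 10 minutes later: outside window
]

def find_multi_port_probers(events, min_ports=4, window=60):
    """Return {source: sorted ports} for every source that hit at least
    `min_ports` distinct ports within any `window`-second span.
    Thresholds are illustrative assumptions; tune them to your traffic."""
    recent = defaultdict(deque)    # source -> (time, port) pairs still in window
    flagged = {}
    for ts, src, port in sorted(events):
        q = recent[src]
        q.append((ts, port))
        # Drop events that are older than the window relative to this one.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(src, set()).update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

if __name__ == "__main__":
    for src, ports in find_multi_port_probers(SAMPLE_EVENTS).items():
        print(f"{src} probed {len(ports)} distinct ports: {ports}")
```

Repeated hits on a single port, or two ports touched minutes apart, stay below the threshold; only the source that sweeps several ports within the window is reported.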