I just checked my zone alarm logs...Question

[bob999]

I found that someone had made more than 50 attempts on my computer . I checked RIPE and it came back with an address in St.Petersburg in Russia - which I found disconcerting. (isnt that supposed to be a place where many hackers originate ?)

The question is :
how is this possible when my firewall makes everything stealthed so no-one should see it .
and why would anyone want to attack my computer - dial up only - and nothing of any importance on it.

[Norm]

Since you are on dialup your IP changes everytime you dial in. The last guy with your IP address wasn't stealthed. (my best guess anyway)

There is a program called zonelog analyzer http://zonelog.co.uk/
you may want to try.
It analyzes the ZoneAlarm log and gives you a bit more info on ports and what trojans etc would use (try to access) those ports.
Have a read at the link I provided, there's a lot more to it than just what I posted.

I think you'll like it.

[Juggernaut]

Ya if you use ZoneAlarm you should grab zonelog analyzer. If the firewall stopped it, there probably isn't anything to worry about. Check one of the security sites that do testing of your computer and make sure you really are stealthed

[bob999]

Out of interest , what would have happened if I had no firewall and some of my ports were open ? After probing and finding vulnerabilities what happens next ( in most cases ) ?

[Croc]

Depends if the person trying is interested in what you have on your system.
Once the person was in, a program that would give remote access could be installed, but this would be a waste of time in your/our case with your IP changing with each connection.

I wouldn't be overly concerned about that number of hits. I would be if there were hundreds over a short space of time from one IP.

Croc.

[Dakota]

Getting hits from Russia, China, Korea, Germany, etc etc is VERY common. ZA is doing its job. They're not getting through. I wouldn't worry about it.

[UnitedWeStand]

Originally posted by bob999
I found that someone had made more than 50 attempts on my computer . I checked RIPE and it came back with an address in St.Petersburg in Russia - which I found disconcerting. (isnt that supposed to be a place where many hackers originate ?)

The question is :
how is this possible when my firewall makes everything stealthed so no-one should see it .
and why would anyone want to attack my computer - dial up only - and nothing of any importance on it.

St. Petersburg Russia, oh no you're hit dude.. they feed on your weaknesses, if you have a slow connection or a fast connection, they are going to delete lots of stuff behind your back, check your recycle bin now them Russians have got into your computer and did some bad things, is your mouse cursor moving and you're not touching it nor using keyboard. Dude your getting hacked. now check your documents folder, does it all look good everything there the last time you checked.. well look again.. look at everthing now.
if you hit alt+home key does it send you to your home page that you want.
oh no man, they hacked me.

























Just Kidding!!!

I too was paranoid, I still get like that once in a while, I found that since I found a trusted firewall, security on the internet well its just nothing to worry about, because I can just look at the bottom of my desktop and see incoming and outgoing requests to and from my computer. I personally like Kerio Personal Firewall, its really simple to use and its free too. Kerio in a nutshell
Kerio Personal Firewall (KPF) is a software agent that builds a barrier between your personal computer and the Internet. KPF is designed to protect your PC against attacks from both the Internet, and other computers in the local network.

KPF controls all data flow in both directions – from the Internet to your computer and vice versa, and it can block all attempted communication allowing only what you choose to permit. This makes KPF an ideal solution for notebook computers that freely travel in and out of the corporate network, facing exposure to various risks as they connect from different locations.
Kerio Personal Firewall protects against
information theft, modification or destruction
Trojan horse applications
spyware
unauthorized access from within the local network
denial of service attacks to applications or services


Available FREE for home use. Business and institutional customers are encouraged to download this software for evaluation purposes.

For Windows 98, Me, NT, 2000 and XP.
NOTE: Windows 95 is no longer supported due to the termination of its support by its producer.
Download the latest version.

Key Features

->Blocks all externally originated IP traffic.

-> Automatic stealth mode renders the desktop invisible to potential intruders. Three security settings for easy configuration.

->MD5 signature verification protects the computer from Trojan horses spoofing as trusted programs.

->Connections dialog clearly displays each application's activity at any given moment.