Results 1 to 5 of 5

Thread: hacker incident scores

  1. #1
    mrsj Guest

    Default hacker incident scores

    Why is it that when I submit the alert info, one alleged hacker ID had an incident score of more than 10,000 , and it was said not to meet the minimum threshold to be a problem ? Other times I will submit the info, and get a score with a minus in front it . Such as this one:

    http://fwalerts.zonelabs.com/fwanaly...tIncident=true

    "-6360"

    How can somebody have a negative score - especially when they are blasting away at me- and no doubt others -on a daily basis ?

  2. #2
    mrsj Guest

    Default Re: hacker incident scores

    Ok, this is interesting and weird - yesterday some hours after posting I checked my own link to the incident ,
    and the score had gone up to -7000 or so. Today I check it again, and the score has gone DOWN to -5660.

    ?????????????

  3. #3
    jarvis Guest

    Default Re: hacker incident scores

    Although a particular computer may be sending lots of attempted connections your way, it is not necessarily hacker activity; there is another possible explanation.

    Lots of people are using Peer to Peer file sharing programs now (e.g. Kazaar) which means they are directly downloading files from eachothers computers. If one of these people is on your ISP and they disconnect from the net, when you connect you might be assigned the IP address that they just surrendered. If that person was offering lots of files for sharing, other people on the P2P network might try to download them - only now it's your IP address they are trying to connect to and their attempts are blocked by ZA.

    Also, there's a school of thought that goes "if your firewall is blocking traffic, leave it to do it's job. Don't report it to anyone as it's likely to just waste their time." ZA's Hacker ID function is one of those things designed to make you feel you could "have your revenge" against people who attempt to connect to you. But bear in mind that they are not necessarily doing it on purpose - their Peer to Peer program is doing it.

  4. #4
    mrsj Guest

    Default Re: hacker incident scores

    Thank you for your reply, it was very informative and interesting . However , it does not answer my question which concerned how scores could go down , why they would have a minus in front in front of them , and how scores of more than 1000 would not be considered as meeting ZL's own criteria for a hostile attack. If there is something else going on, perhaps ZL could add some kind or wording to alert the user that their own stated criteria has exceptions and should not be taken literally . (Please note that I did say "alleged hacker" .)

    "Have my revenge" ? That's rather quaint. I don't think I'd be looking to a mainstream product for something as complex as that. I had the strange assumption I was being perhaps helpful and providing some kind of needed feedback information for something I saw as odd . (Silly me !)

  5. #5
    ai_tak Guest

    Default Re: hacker incident scores

    Actually if it is -5000 it is less than 1000, not more. Also, I've noticed that mynetwatchman.com (what ZA reports to); hasn't quite been working right for a while, most reports don't seem to be recorded and parts of the site aren't working, which may explain the negitive scores.

    Message Edited by Ai_Tak on 07-20-2006 01:21 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •