
Thread: Massive Intrusion Attempts

  1. #1
    casar Guest

    Massive Intrusion Attempts

    I suffer from numerous intrusive attempts. I have only had the firewall for a few weeks and the firewall is at 40000+ blocked attempts. I am thinking of asking my provider to change IP or whatever. What else can I do?
    I am a registered user of the latest edition,
    Robert Dolen

    Operating System: Windows XP Home Edition
    Software Version:
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Re: Massive Intrusion Attempts

    Dear Casar:

    Please check your firewall log and note the port numbers they are trying to connect to on your PC, located in the Destination IP column. You can go to IANA's website to look up the port number and what services use it or Google it.

    Now, click the More Info button in the lower right of the Log Viewer tab with the event selected. This will activate CheckPoint's Online SmartDefense Advisor, using your browser. The Overview tab will give you a short explanation re what happened for this event and then click the Hacker ID tab to find out who's trying to connect to your computer. Personally, I have all these Chinese sites trying to connect to my computer for spam and other malicious purposes. The Hacker ID tab will give you the IP range for these sites which you should write down.

    Once done, create expert firewall rules to block this traffic by clicking Firewall panel, Expert tab. Expert firewall rules are processed before the Zone rules. You could also do the same in the Zones tab by adding the IP range to the Blocked zone but, again, using expert firewall rules offloads the malicious traffic before the Zone rules are applied.

    Once I determine traffic is malicious, I block the IP range and no longer log it, as I have identified it already as malicious and I have fewer log entries to analyze in the future. Using this method, and blocking the worst offenders first, your logs will be much more manageable and you spend less time reviewing them. Don't try and do all of them in one night. Do like 1/day, removing the malicious sites that generate the most entries first, and before long you will have fewer and fewer entries to analyze.

    If you choose to do nothing, however, you are still protected. ZAISS performs stateful packet inspection so all unsolicited traffic will still be blocked. You'll just have all those entries listed in your firewall log because, by default, it logs all blocked traffic.

    Hope this helps.
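
Added example, not part of the original thread: a script that tallies blocked inbound log entries by source range and by destination port, so the ranges generating the most entries can be reviewed first, as the reply above suggests. The comma-separated field layout, the /24 grouping, IPv4-only addresses and the sample lines are assumptions constructed for illustration; adjust the field positions to match your own exported log.

```python
import ipaddress
from collections import Counter

# Constructed sample lines (documentation address ranges). The field layout
# type,date,time,source,destination,transport is an assumption.
SAMPLE_LOG = """\
FWIN,2008/03/01,10:12:44 -5:00 GMT,203.0.113.7:4249,192.168.1.2:135,TCP (flags:S)
FWIN,2008/03/01,10:12:51 -5:00 GMT,203.0.113.9:4250,192.168.1.2:135,TCP (flags:S)
FWIN,2008/03/01,10:13:02 -5:00 GMT,203.0.113.7:4251,192.168.1.2:445,TCP (flags:S)
FWIN,2008/03/01,10:15:30 -5:00 GMT,198.51.100.23:1026,192.168.1.2:1434,UDP
FWIN,2008/03/01,10:16:00 -5:00 GMT,198.51.100.23:1027,192.168.1.2:1434,UDP
FWOUT,2008/03/01,10:17:00 -5:00 GMT,192.168.1.2:1050,192.0.2.5:80,TCP (flags:S)
FWIN,2008/03/01,10:18:12 -5:00 GMT,192.0.2.200:0,192.168.1.2:0,ICMP (type:8/subtype:0)
garbled line without enough fields
"""

def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); port is None when absent or not numeric."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        return endpoint, None
    return host, int(port) if port.isdigit() else None

def summarize(log_text, prefix_len=24):
    """Return (source ranges, destination ports), each sorted by entry count."""
    by_range, by_port = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split(",")
        if len(fields) < 6 or fields[0] != "FWIN":  # blocked inbound entries only
            continue
        src_ip, _ = split_endpoint(fields[3])
        _, dst_port = split_endpoint(fields[4])
        try:
            net = ipaddress.ip_network(f"{src_ip}/{prefix_len}", strict=False)
        except ValueError:
            continue  # malformed source address: skip rather than miscount
        by_range[str(net)] += 1
        proto = fields[5].partition(" ")[0]
        if proto in ("TCP", "UDP") and dst_port is not None:
            by_port[(proto, dst_port)] += 1
    return by_range.most_common(), by_port.most_common()

if __name__ == "__main__":
    ranges, ports = summarize(SAMPLE_LOG)
    for net, hits in ranges:
        print(f"{hits:5d}  {net}")
    for (proto, port), hits in ports:
        print(f"{hits:5d}  {proto}/{port}")
```

The port list gives the numbers to look up in the IANA registry, and the range list gives the order in which to review sources before writing any block rule.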

