Hoover Pilot

Following past postings on Zone Alarm I downloaded it and have been using it for a week and I have to say I'm impressed.
It doesn't seem to have slowed anything down and I have had a few alerts (though not as many as other people had reported).
However, does anybody have any suggestions on good tracer programs to try to identify who is trying to get into my system? I'm happy that zone alarm is stopping them but I'd like to know who they are.

addinfurnightem

You could try http://www.samspade.org who does a programme called "SamSpade" There is also a web page called checkdomain.com.

fobotcso

This program called Black Ice Defender was recommended in The Times a few weeks ago. The number of hits that it shows my PC is taking is very disconcerting but I haven't yet figured out what to do about it. Well worth trying out.
http://www.networkice.com

[This message has been edited by fobotcso (edited 22 July 2000).]

[This message has been edited by fobotcso (edited 22 July 2000).]

[This message has been edited by fobotcso (edited 22 July 2000).]

selcal

I use BlackIce and found it easier than any of the others.

Regarding fobotcso's comment, go to the intruders tab and right click on the attack and you can block the offender as you require.

To test your system go to http://grc.com/ and try, you will have to download a small (20kb) file to help them make sure they are checking your machine. They also have a program called 'Opt Out' which removes a lot of 'spy' programs from your system. Worth doing.

Speechless Two

The full version of ZoneAlarm is supplied on the free CD-Rom in the September 2000 issue of Personal Computer World.

blackadder

Try neotrace or checkdomain, I use both to track credit card conmen.

Hoover Pilot

Thanks for the response people.
I have downloaded neotrace but am not sure how to use it properly - well without a flight manual I'm snookered.
It seems to be a program geared more towards tracing faults in the routing of a message transfer rather than tracing an idividual address. But, like I say I don't know how to use it properly. Any tips please.

HP

Ps Does zone alarm interfere with it??

The Zombie

Hoover Pilot, I am no expert on these things and so what I offer here is no more than my experience to date.

The ZoneAlarm Firewall (Free) IMHO does the job very well and if you have checked the box on the Alerts menu to log alerts to a text file then you have a record too, rather than keep on getting the popup alert which after a while is a pain.

I too used to worry about who was hacking little old me in the big www. But it is probably nothing more than a random scanner sweeping past you and thousands of others.
It is I believe still illegal though!
However if you are still interested in who, then Neotrace is a great program to use (including world maps) and here is how to look up a 'Whois'.

Place IP address into Neotrace address box (including all points) and trace.
On the List menu place your cursor over the final node (ie.the one you are tracing) and right click to get a sub menu.
Then left click on Whois details... and the registration details of this IP address if known on this register is displayed.

Hope this was of some help.

Can I go and sleep now?

Hoover Pilot

Hey Zombie,
Thanks for the info. I've had a bit more success with neotrace by turning off zone alarm when I'm trying to trace something. However, I didn't know about the right click sub menu so that's a great help.
As an aside I do have the alert log enabled but in the passed week and a half I've only had one (yes one) attempt at getting into my computer. So I've left the pop-up box enabled because I'm geting hardly any pings.
Maybe no-one's interested in what I've got (story of my life!) or maybe it's not set up corectly - any thoughts??
Regards
HP

The Zombie

Hoover Pilot
The whole point is to keep the firewall up and running so as to (hide) fully use its protection. If you turn it off then it cannot help. After giving ZoneAlarm your permission for Neotrace to access the internet you should not have any more problems. You have done this haven't you. Yes you must have done this.

Can I go to sleep now?

desertbootz

I wouldn't be too concerned about having your ports sniffed once in a while. Far from someone trying to access your specific 'puter it's most likely some gob$hite kode kiddie with an off-the-shelf scanner trawling for what they can find. I admin a site and sometimes amuse myself watching all the mappets bouncing off our firewall, it happens too often to do much more than keep yr shields charged and up to date. Don't sweat it (unless u keep valuable secrets on a home pc in which case u deserve to be cracked), don't bother trying to trace them, do keep yr shields up.

[This message has been edited by desertbootz (edited 09 August 2000).]

MAX REVERSE

Can't remember the last time I bothered to trace an access attempt, but I remember that I couldn't get ZoneAlarm to allow NeoTrace to do its thang until I dropped the Zonealarm security levels.

ORAC

For interest, I have installed Norton Personal Firewall II. I went to the GRC site and ran their test where they try to access your machine. Tight as a drum.

They reported that they could not even see the PC existed except on all but 2 ports. On those 2 they could see it existed but nothing else.

addinfurnightem

Any one out there offer any information about the advantages and disadvantages of ZoneAlarm v. PortIce 2.0 please?
Would they run side by side or interfere with each other?

[This message has been edited by addinfurnightem (edited 10 August 2000).]

MAX REVERSE

An analysis of personal firewalls can be found here.

fobotcso

Brilliant, thanks.

blackadder

None of the above will give you more than the isp address of the user of a particular IP number, that's why we dumped neotrace etc. in favour of http://checkdomain.com
ie, you won't get further than the ISP's name & address.