gracie_za

 
 
 
 
 
understanding zone alarm log entries
lots of this stuff is techie-speak, but it'll give you a starting point. there are lots of good references on the net if you really care about this stuff <G>. the important thing is not to get crazy about your alerts; zone alarm STOPPED the hits, so don't worry!
 
identifying log entries:
* fwin - the firewall blocked an inbound packet of data coming to your computer. some, but not all, of these packets are connection attempts.
* fwout - the firewall blocked an outbound packet of data from leaving your computer.
* fwroute - the firewall blocked a packet that was not addressed to or from your computer, but was routed through it.
* fwloop - the firewall blocked a packet addressed to the loopback adapter (127.0.0.1).
* lock - the firewall blocked a packet due to a lock violation.
* pe - an application on your computer requested access to the internet.
* access - an application was blocked because it did not have access permission
* ms - mailsafe quarantined a file attachment
 
identifying tcp flags:
* s (syn) only set in the first packet initiating a tcp connection. it represents an attempt to make a connection rather than a response to an existing connection.
* f (fin) represents an attempt to terminate a connection.
* r (reset)
* p (push)
* a (ack)
* u (urgent)
* 4 (low-order unused bit)
* 8 (high-order unused bit)
 
also see the firewall forensics FAQ for much more detail.
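
here is an added example (not part of the original page and not zonelabs code) that uses the two lists above to decode log lines and to separate real inbound connection attempts from other blocked packets. the comma-separated line layout and the sample lines are assumptions constructed for the example, so compare them against your own log file before relying on it.

```python
import re
from collections import Counter

# entry types and tcp flag letters, as listed on this page
ENTRY_TYPES = {
    "FWIN": "blocked inbound packet", "FWOUT": "blocked outbound packet",
    "FWROUTE": "blocked routed packet", "FWLOOP": "blocked loopback packet",
    "LOCK": "blocked by lock violation", "PE": "application requested internet access",
    "ACCESS": "application lacked access permission", "MS": "mailsafe quarantined attachment",
}
TCP_FLAGS = {"S": "syn", "F": "fin", "R": "reset", "P": "push", "A": "ack",
             "U": "urgent", "4": "low-order unused bit", "8": "high-order unused bit"}

# assumed layout of a firewall line: TYPE,date,time,source,destination,protocol (flags:XX)
FLAGS_RE = re.compile(r"\(flags:([A-Za-z0-9]+)\)")

def decode(line):
    # turn one log line into a dict with the entry meaning and spelled-out flags
    fields = [f.strip() for f in line.strip().split(",")]
    kind = fields[0].upper()
    entry = {"type": kind, "meaning": ENTRY_TYPES.get(kind, "unknown entry type"),
             "flags": [], "connection_attempt": False}
    if kind.startswith("FW") and len(fields) >= 6:
        entry["source"], entry["destination"] = fields[3], fields[4]
        m = FLAGS_RE.search(fields[5])
        if m:
            letters = m.group(1).upper()
            entry["flags"] = [TCP_FLAGS.get(c, "unknown flag " + c) for c in letters]
            # syn without ack opens a new connection; syn+ack is a reply to one
            entry["connection_attempt"] = "S" in letters and "A" not in letters
    return entry

def summarize(lines):
    # count entries per type, plus how many were actual connection attempts
    counts = Counter()
    for line in lines:
        e = decode(line)
        counts[e["type"]] += 1
        if e["connection_attempt"]:
            counts["connection attempts"] += 1
    return dict(counts)

# constructed sample lines using documentation addresses, not taken from a real log
SAMPLE = [
    "FWIN,2001/05/12,14:22:10 -7:00 GMT,203.0.113.9:1044,192.0.2.10:139,TCP (flags:S)",
    "FWIN,2001/05/12,14:23:02 -7:00 GMT,198.51.100.7:80,192.0.2.10:1201,TCP (flags:AF)",
    "FWOUT,2001/05/12,14:25:40 -7:00 GMT,192.0.2.10:137,198.51.100.20:137,UDP",
    "PE,2001/05/12,14:26:01 -7:00 GMT,Example App,198.51.100.20:80,N/A",
]
```

in the sample, only the first fwin line counts as a connection attempt; the second is a leftover packet from a connection that was already closing.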

"thanx bob h. & fred langa who got me started, & marcus of zonelabs for help above & beyond."
© 2001 All Rights Reserved.