namvet

... a few months ago there was a post on the board in which Gaussian gave some information including a url for Zonealarm ..... within the thread, about Zonealarm, it was stated that those users on modems were "less of a target" (paraphrased) .... since then I have been a bit confused/concerned as it seems that my Zonealarm firewall seems to, at times, work 'overtime' blocking requests for access .... the pic below (of the Zonealarm log/alert file) is taken whilst I was visiting PSG, and is on my new computer (and is my first go at setting up my own computer) ... soooo .. can someone clarify if my log/alerts file is normal? ... and also what on earth is the ICMP (type8/subtype:0) I'm getting in the protocol column?? as I don't recall seeing this on the older computer ... thanks

ICMP stands for Internet Control Message Protocol. It's a sort of diagnostics and troubleshooting protocol. I assume that type 8 (not sure) is an Echo request. One computer sends a network "packet" to your computer and if your computer responds, then the sender knows that your computer is reachable. What hackers do is that they scan a large range of IP addresses and send echo requests to see who's online. Nothing to worry about, this happens continuously with everybody who is online. They might consider once they discover that you're online, to check if it's interesting to hack you. Again, not a lot to worry about, because your firewall will make it extra difficult for them to get in. The only time that they really start getting interested, is if they notice that you're on a high speed connection and that you're running a server with many users attached.

See, you have two kind of hackers;

a) those who have NO real knowledge about how to hack and only know how to use some simple tools to hack a user who's not protected with a firewall. 99.9% of the intrusion attempts are coming from these amateurs or also called script-kiddies. Every descent firewall can protect you against them.

b) The real hackers. They DO know what they are doing. They've already discovered in the past how to hack simple systems, so they're not interested anymore in you, me and the guy next door; it's not a challenge for them. They only go for professional targets.

namvet

thanks for that reply Gaussian ... I'm just trying to understand all this stuff .. for 4 years I've watched a Veteran friend set up and fix and modify my computers and with my latest purchase I decided I would have a go at it, so I am just a bit 'twitchy' about this one ... next move is to get my old comp (Bugs 1) back and 'explore' ... to quote Julias Sumner-Miller "why is it so?" ... and poor old Bugs 1 is going to be my "why is it so" experimental/learning/understanding computer

No problem if you have any more questions Ian.
I mean, the first thing that we need to have to use Photoshop is a computer, so a lot of these questions and answers can be very helpful, not only for you, but a lot of other people.

wbiss

Great explanation, Gaussian! [righton]

Yes, we all benefit when you take the time to explain technical matters so clearly for we "non-techies"!

Thanks for doing so!

mmagikman

I second that Wendy.
I was wondering about that report also...just didn't think to ask.

Ok, here?s more food for thoughts

There are sites on the net that collect all known vulnerabilities of the different Windows operating systems. These sites are mostly visited by Network Administrators.

Guess what, hackers like to visit these sites too
So instead of searching for unknown vulnerabilities, hackers just go through the list and check each one of them until they find one that is not corrected by any kind of patch or update on that particular server that they want to hack.
So if you want to be really protected, then it's important do install every security update available. There?s only one problem; lots of the updates and patches have the tendency to cause problems in other areas, making your system unstable or slow for example.

It's the never-ending ?Microsoft updates? story. That's the reason why a lot of network administrators avoid installing every patch right away. So until Microsoft finds a solution for this, we will have servers that are not 100% secure and you can't just blame the administrators.

To give you an example. I knew someone who installed Windows NT Service Pack 4 on the server of his company. It took him over a week to clean up the mess!! You have to understand that this was a production server, in use by some 100 users.
Weeks after Microsoft admitted that there was something wrong with the service pack. I think that you can imagine that this guy will wait a bit longer, before installing a new update.
Result; an insecure system.

wbiss

[stuned] Yes, food for thought indeed.

Thanks for the 'education', Gauss! [righton]