Here's a complaint SOMEBODY will get soon. Somebody want to post a
response that will work on ALL these requests? If I had a canned response I
could head some of it off (a trickle maybe).
Still using Wozz's original post as boilerplate.
Erick
-----Original Message-----
From: Jazereel <jazereel_at_aol.com>
Newsgroups: comp.security.firewalls
Date: Tuesday, February 29, 2000 1:11 PM
Subject: Using Conseal & ZA-Would like to report this geek
>Hi,
>
>I recently discovered Zone Alarm and it worked well. I then found Conseal,
and
>I like it better. The problem is, Zone Alarm isn't notifying me any longer
of
>attempted connections or intrusions. I'm just wondering, does anyone know
if
>running the two programs can effectively disable the other?
>
>Also, I am getting at least 5-10 windows every time I'm signed on...several
>connection attempts, ICMP blocks...someone tried to send me NetBus the
other
>day. Most of the windows say "IP address wants to talk to you" and I
simply
>block it which creates a new rule. I'm no hacker guru, just trying to
protect
>my privacy and PC.
>
>Conseal returns all the information regarding these attempts in....is there
>anyone out there on the Net who will handle such abuse? I'm a member of
AOL.
>I contacted the Research Dept and was informed that unless this user
threatens
>my life, they will not act on it. I can't believe there's such an open
black
>hole to their member's pc's and they don't have a department which deals
with
>intrusions.
>
>Any information regarding this would be greatly appreciated.
>
>Email is cool. :)
>
>Jaz
>
-----Original Message-----
From: Wozz <wozz+incidents_at_WOOKIE.NET>
To: INCIDENTS_at_SECURITYFOCUS.COM <INCIDENTS_at_SECURITYFOCUS.COM>
Date: Tuesday, February 29, 2000 12:18 PM
Subject: Re: @home: Is *anyone* really home there???
>On Mon, Feb 28, 2000 at 11:32:39AM -0500, Greg A. Woods wrote:
>> [ On Friday, February 25, 2000 at 18:41:39 (-0700), Wozz wrote: ]
>> > Subject: Re: @home: Is *anyone* really home there???
>> >
>> > I'm the head of the security department for a large nationwide
>> > cable modem provider that is in the exact same situation @home
>> > is. We get hundreds and hundreds of complaints a day, often times
>> > about how someone's "hacking" them, when in fact, someone misdirected
>> > a web browser in their direction.
>>
>> I've had words with the Jammer support folks to try and convince them
>> that (a) this kind of event is not necessarily a "scan" of any type and
>> it is most definitely not a "TCP port scan" when seen on its own, and
>> (b) it's just as likely that the source address is forged, (c) to use a
>> better choice of words and to avoid "hack" and "attack" and their
>> derivatives, and finally (d) to include the IP number of the client at
>> the time of the incident. Unfortunately I don't think I've had any
>> success at convincing them to change anything at all.
>
>Jammer is the worst offender. Its gotten to the point where I'm ready to
>start ignoring Jammer reports, since i think i've had 1 out of maybe 2000
>reports from Jammer state anything useful. I've also talked to them abotu
>this "port scan" message and never got a response.
>
>> BTW everyone, I really really really detest the misuse of the words
>> "attack" and "hacker" in any of these situations. Wozz put the word in
>> quotes which is correct, but the Jammer folks don't and the Jammer
>> subject line nearly drives me up the wall even before I read the
>> messages! (Yes I manage my own stress level so as to avoid popping any
>> important blood vessels over this! ;-)
>
>The overuse of these home "firewall" solutions is making overall security
>worse, IMHO. I spend a majority of my time at work filtering through stuff
>like this, and not spending time working on things that would actually
improve
>security. Thankfully, I've just recently gotten approval to hire someone
to
>just sit there and sift through all this junk for me.
>
Received on Mar 01 2000
Intro
