I currently have a mcafee firewall installed and i am very happy with it compared to others i have tried but my concern is this the last couple of days the firewall seems to blocking a ton of traffic today so far it has blocked 600 inbound attacks so it will prob be 4 figures by tonight is this normal ?any feedback would be appreciated thx

hi adam i havent used mcafee as i use zone alarm so this is really just an educated guess as i once had the same problem with my firewall (zonealarm) you could try checking in the settings of mcafee (as i say i dont know how mcafee's interface is so i cant tell you where to go) and check that alerts and logs is set to show only high rated alerts and not .
i hope this helps

sorry----only high rated and not all alerts

i really must start reading what i write before i post lol

Yeah thats only noise scriptkiddies,worms,portscans,viruses,blah,blah,blah.
If you dont want to keep getting all that noise in your logs. Get a router with (NAT)
it will drop allthose packets.
Tip: Harden that box and IE.
I have not had a port scan in over 8 months & when they do scan my router "be sorry they will" go ask the kids ISP.

PS: ZoneAlarm I give a 1 out of 5 IMHO

yeah thx guys i wasnt overly concerned as i have done a port scan and they are all blocked but i dont now that much about internet security and was slightly concerned that the same ip addresses were attacking over and over again f*£$"&s but ill get my own back soon enough hahaha thx again

Did you do a port scan from a remote location, using nmap?
Or are you listening to the gibson camp.
http://www.grc.com/
PS: kazaa will preform a portscan aswell.
Do a whois on the IP
www.DNSstuff.com

http://scan.sygate.com/ (sygate over ZoneAlarm any day)

Sygate beats the pants off McAfee, Symantec, ZoneAlarm, Tiny, and a slew of others.

If you're on high-speed (broadband) Internet, you can expect a lot of portscans, probes, and other "scans." Most of these are harmless, unless your ports are hanging wide open.

There *should* be an option of some sort to limit the notifications you receive about portscans & such. Sometimes they're referred to as "silent" alerts, wherein they only show up in the logfiles, as opposed to popping up some sort of alert box.

If you don't have access to nmap, or don't know anyone who has it/knows how to use it/knows what it is, feel free to ask one of the *nix gurus for assistance.

...and don't bother with Gibson and his drivel...

The insecure.org port(for NT), quite frankly sucks bad. I was very disappointed when I first tried it, until I discovered the eEye program.

Use eEye's nMapNT found at:

http://www.eeye.com/html/Research/Tools/nmapnt.html

This software is more functional, less buggy than the insecure.org port. Additionally the eEye's nMapNT features performance on par with the original nMap. (it is integrated in parts within eEye's Retina and Iris scanners which actually do a few types of network scans actually faster than the nMap.)


I know the most common (and rare) NMAP switches, how they work and what they do NMAP can be *VERY* powerful when used properly.

See, this site lacks a security community which is a shame! Considering half of the questions on the board, resulted in user problems with lax security.

weather channel no way mate sygate is terrible i used that for a while and didnt like (each to thier own) i know zalarm PRO is a resource hogger but i dont worry bout that as i have a lot of RAM. have you seen the latest version of ZA PRO (4.5.530) it really is the kiddie for the job. full of little features to track the sucker down i found sygate to be a little over protective at times and became a pain in the ass.
have a look at zone alarm and judge for yourselves www.zonealarm.com

peace

Pls Don't be a SYHATER.
Maybe, you downloaded a corrupt version off Kazaa.
How is sygate a pain?
"Track the sucker down"...............not quite that WHOIS feature is little more than a marketing ploy & is not accurate at all. IMHO There are real tools for that task believe me and that WHOIS built in feature is not one of them. It's just a false sense of security given to the average user to make them feel better.
How is SYGATE over protective?