I currently have a McAfee firewall installed and I am very happy with it compared to others I have tried, but my concern is this: the last couple of days the firewall seems to be blocking a ton of traffic. Today so far it has blocked 600 inbound attacks, so it will probably be 4 figures by tonight. Is this normal? Any feedback would be appreciated, thx.

Hi Adam, I haven't used McAfee as I use ZoneAlarm, so this is really just an educated guess, as I once had the same problem with my firewall (ZoneAlarm). You could try checking in the settings of McAfee (as I say, I don't know how McAfee's interface is so I can't tell you where to go) and check that alerts and logs is set to show only high rated alerts and not .
I hope this helps.

Sorry, only high rated and not all alerts.

I really must start reading what I write before I post lol

Yeah, that's only noise: script kiddies, worms, portscans, viruses, blah, blah, blah.
If you don't want to keep getting all that noise in your logs, get a router with NAT;
it will drop all those packets.
Tip: Harden that box and IE.
I have not had a port scan in over 8 months & when they do scan my router "be sorry they will", go ask the kid's ISP.

PS: ZoneAlarm I give a 1 out of 5 IMHO

Yeah, thx guys. I wasn't overly concerned as I have done a port scan and they are all blocked, but I don't know that much about internet security and was slightly concerned that the same IP addresses were attacking over and over again, f*$"&s, but I'll get my own back soon enough hahaha. Thx again.

Sygate beats the pants off McAfee, Symantec, ZoneAlarm, Tiny, and a slew of others.

If you're on high-speed (broadband) Internet, you can expect a lot of portscans, probes, and other "scans." Most of these are harmless, unless your ports are hanging wide open.

There *should* be an option of some sort to limit the notifications you receive about portscans & such. Sometimes they're referred to as "silent" alerts, wherein they only show up in the logfiles, as opposed to popping up some sort of alert box.

If you don't have access to nmap, or don't know anyone who has it/knows how to use it/knows what it is, feel free to ask one of the *nix gurus for assistance.

...and don't bother with Gibson and his drivel...
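One way to check whether a large blocked-inbound count is the background noise described above or something more pointed, such as the repeat source addresses the original poster mentions, is to group the firewall log by source and by destination port. This is an added example, not part of any post in the thread; the log format, the thresholds and the function names are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical log format, invented for this example; adapt LINE_RE to your product.
LINE_RE = re.compile(
    r"^\S+ \S+ BLOCK IN (TCP|UDP) (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \S+:(\d+)$")

def build_sample():
    """Constructed sample log (documentation-range addresses, not real data)."""
    rows = [("203.0.113.5", p) for p in (21, 22, 23, 25, 80, 110)]  # one source, many ports
    rows += [("198.51.100.7", 135)] * 4                              # same source, same port
    rows += [(f"192.0.2.{i}", 445) for i in (21, 22, 23)]            # many sources, one port
    lines = [f"2004-03-01 09:{i:02d}:00 BLOCK IN TCP {src}:4000 -> 10.0.0.2:{port}"
             for i, (src, port) in enumerate(rows)]
    return "\n".join(lines + ["-- log rotated --"])                  # unparseable line

def triage(log_text, scan_ports=5, repeat_hits=3, common_sources=3):
    """Group blocked inbound events by source and by destination port."""
    ports_by_src = defaultdict(set)
    hits_by_src = defaultdict(int)
    srcs_by_port = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # count unreadable lines instead of dropping them silently
            continue
        proto, src, port = m.group(1), m.group(2), int(m.group(3))
        ports_by_src[src].add((proto, port))
        hits_by_src[src] += 1
        srcs_by_port[(proto, port)].add(src)
    report = {"port_scan": [], "repeat_source": [], "common_port": [], "skipped": skipped}
    for src in sorted(ports_by_src):
        if len(ports_by_src[src]) >= scan_ports:
            report["port_scan"].append(src)        # one address sweeping many ports
        elif hits_by_src[src] >= repeat_hits:
            report["repeat_source"].append(src)    # same address retrying the same few ports
    for key in sorted(srcs_by_port, key=lambda k: k[1]):
        if len(srcs_by_port[key]) >= common_sources:
            report["common_port"].append(key)      # many unrelated sources: worm-style noise
    return report

if __name__ == "__main__":
    print(triage(build_sample()))
```
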

The insecure.org port (for NT), quite frankly, sucks bad. I was very disappointed when I first tried it, until I discovered the eEye program.

Use eEye's nMapNT found at:

http://www.eeye.com/html/Research/Tools/nmapnt.html

This software is more functional and less buggy than the insecure.org port. Additionally, eEye's nMapNT features performance on par with the original nMap. (It is integrated in parts within eEye's Retina and Iris scanners, which actually do a few types of network scans faster than nMap.)

I know the most common (and rare) NMAP switches, how they work and what they do. NMAP can be *VERY* powerful when used properly.

See, this site lacks a security community, which is a shame! Considering half of the questions on the board resulted in user problems with lax security.

weather channel, no way mate, Sygate is terrible. I used that for a while and didn't like it (each to their own). I know ZAlarm PRO is a resource hogger but I don't worry about that as I have a lot of RAM. Have you seen the latest version of ZA PRO (4.5.530)? It really is the kiddie for the job, full of little features to track the sucker down. I found Sygate to be a little overprotective at times and it became a pain in the ass.
Have a look at ZoneAlarm and judge for yourselves: www.zonealarm.com

peace

Pls Don't be a SYHATER.
Maybe, you downloaded a corrupt version off Kazaa.
How is sygate a pain?
"Track the sucker down"... not quite. That WHOIS feature is little more than a marketing ploy & is not accurate at all. IMHO there are real tools for that task, believe me, and that WHOIS built-in feature is not one of them. It's just a false sense of security given to the average user to make them feel better.
How is SYGATE over protective?

I appreciate what you're saying, but I have used the WHOIS feature many a time and I think it is a little more than a marketing ploy. I'm not denying you probably have more knowledge than me with security, but I'm merely saying that Sygate didn't work for me and I was only offering people a choice to do some research for themselves. ZA Pro is packed with features and to me is the better program in my experience, and is very secure.
Sygate caused a lot of problems with my browser; a lot of pages wouldn't open and I'd have to nearly turn Sygate off!!! to access the sites. That to me is overprotective. Everyone is different.
As to downloading a dodgy copy from Kazaa, I don't think so, because I was using a 30 day trial version!!!!!!!
I'm not trying to cause an argument, just saying to ME it's the better program of the two. Perhaps you could list some pros and cons with the two programs (without being too biased).

all the best
nigel

weather channel no way mate sygate is terrible

No, your experience with Sygate was terrible, not Sygate itself.
I wasn't questioning your opinion; I am, however, questioning the WHOIS feature in ZA.

Configuring SYGATE is real simple: hit the applications tab in Sygate and remove all.
Next time something is trying to talk to the outside you get a prompt, and you check the choices below.
A) Yes/ allow to connect to the internet
B) check little box to remember this action.
____________________________________
C) No/ don't allow to connect to the internet
D) check little box to remember this action

My cousin, she is only 12y/o, she runs SYGATE on her laptop without trouble.
She even checks her logs all by herself and calls me when she gets a portscan.

Sygate & ZA have forums as well: http://forums.sygate.com/vb/ * http://forums.zonelabs.com/zonelabs
Did you post at SYGATE with your problems? I'm sure it was something simple.


Anyway I have the NMAPNT, I attempted an upload but the .zip is 1.9mb PM for it.


cheers

That is fundamentally how ZA works: you allow the program access or you don't. You can click to remember the action or not, and you can be stealthed from the net or be visible and protected. I can also set different programs such as Kazaa with different security settings (while running it) as to the net while browsing, i.e. setting it to the trusted programs or not, which I have full user control of. I'm struggling to explain; I might upload a thumbnail when I'm back in Windows!!
But with Sygate, if I had the settings on full it would block pages, and I'd then have to all but shut the firewall down to access the page. Of course I know how to use a firewall; I don't have any problems there. I tried Norton Internet Security, which was terrible. I then went for SYGATE PERSONAL FIREWALL after reading a review in Web User which said it was an all-round good program but can be prone to overprotectiveness (is that a word?).
I thought, great, how can anything possibly be overprotective,
but I soon found out how. I had more gripes with it than this; I can't remember them all, it was a long time ago and I never gave it another thought till now. I just uninstalled, found a review on ZA PRO, which I downloaded a trial of, liked it, got a key off Kazaa and now I use the full program. As I'm on broadband (as I'm sure most of us are) I obviously have an "always on connection" and I can simply "lock" the internet at a touch of a button. I'm using a Knoppix live CD at the mo (or trying to) so I can't look at the firewall to see the exact specs, but it rocks.
I didn't bother posting on the Sygate forum as I felt I was doing nothing wrong; I just didn't like the program.
As for NMAPNT, do you mean EYEDIGITAL SECURITY?????

all the best

and you can be stealthed from the net or be visible and protected

Stealthing under many situations can actually give back _more_ information than just having the port closed, especially on server systems. Stealthing is just another farce from the Steve Gibson camp. If you have a system that is listening on port 80 and stealthing everything else, the attacker obviously knows that a system exists there, and using timing attacks a sophisticated attack can even determine the type of firewall you are running, as stealthing adds more latency than having the port just not being open. This latency may be calculated by using a carefully constructed request to any open services. Once this is accomplished, the attacker can make a good guess about the firewall based on this data.

It's generally good practice (and good netiquette) to post the original URL you pasted the text from, so users can visit the site for further information.

come again mate!
Oh, ok, man nmap.....hehehehehe

I got nmap v3.50 but I can't install it. I downloaded the WinPcap program but can't find the info on how to link nmap to it and install. And for anyone who wants to see the program in question, click here.
