~15,000 blocked intrusions in Zone Alarm in ~7 days of the computer being on 24/7.

Zero Plasma

Banned
Jun 14, 2004
Zero are high rated though, so I guess that's good. I have heard a lot come from your ISP, but I'm getting ~2000 a day. I reinstalled Zone Alarm and then decided to leave that computer on 24/7. Does ~15,000 a week sound right for a computer that's on 24/7? What do you guys get?
 

IEC

Elite Member
Super Moderator
Jun 10, 2004
Are you directly connected to the internet or through a SPI/NAT firewall on your router? That sounds freaking high to me - I only get about 7 a day on my Kerio PF on more restrictive custom settings.
 

Rottie

Diamond Member
Feb 10, 2002
That is quite a lot. I have ZoneAlarm Pro Suite 5. I have 180 intrusions that have been blocked and 2 of those have been high rated since the last install 3 or 4 months ago. I guess that is because it is running behind the NAT built into the router.
 

Snapster

Diamond Member
Oct 14, 2001
I barely get 20 a day according to my router/firewall logs, maybe one of which is highly rated a month.
 

GimpyOne

Senior member
Aug 25, 2004
I've been getting 50-75 per day with 2-5 being highly rated.

Almost all of them are medium, but I'm pretty close to directly plugged in with no firewalls/routers/etc... between my computer and the net.

So, I'd say your number sounds pretty high.

Out of curiosity, have you checked the IPs they are coming from? When I've used Zone Alarm in the past, I know I have had problems where it thinks that the DHCP server or someone scanning the network to do a printer install was an intrusion.
edit: or a file share when opening Network Neighborhood, for that matter...
 

nweaver

Diamond Member
Jan 21, 2001
Depends on connection, my Iptables firewall on cable was getting between 12-1400 packets logged a day. Before changing my SSH from a nonstandard port I would get between 0 and 2000 attempts to log in every day.
 

Firus

Senior member
Nov 16, 2001
The log on my router/firewall shows that I get many intrusion attempts at home... it doesn't say what kind or anything though, so I don't know how severe. Seeing as there are so many (probably about 100/day) I don't think they could be all that bad. Reading this post makes me feel a little better, I thought I was getting way too many.
 

wexsmith

Member
Oct 7, 2004
If you use the torrent networks then open up your default traffic ports, 6881-6889 probably, in ZoneAlarm. Those 2000+ hits will still come through your firewall, but won't be reported by ZoneAlarm as blocked traffic.

If you don't use the torrent networks then...umm...good luck!
 

n0cmonkey

Elite Member
Jun 10, 2001
Looking at the logs is worthless if you don't understand what you are looking at. I'm betting a high rate of false positives.
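
The likely false-positive sources named in this thread (the local DHCP server, Network Neighborhood file sharing, torrent ports 6881-6889, SSH login attempts, pings) can be separated out before reading anything into a raw "blocked" count. The following is an added example, not part of any post in the thread; the log layout, labels and addresses are constructed and do not reflect ZoneAlarm's actual log format.

```python
import ipaddress
from collections import Counter

# Constructed sample entries: (source IP, protocol, destination port).
# Hypothetical layout; public sources use documentation address ranges.
SAMPLE_LOG = [
    ("192.168.1.1", "UDP", 68),     # DHCP reply from the local gateway
    ("192.168.1.23", "UDP", 137),   # NetBIOS name lookup from a LAN peer
    ("192.168.1.23", "TCP", 445),   # LAN file-share browsing
    ("203.0.113.40", "TCP", 6881),  # BitTorrent peer
    ("198.51.100.7", "TCP", 22),    # SSH login attempt
    ("198.51.100.7", "TCP", 22),
    ("198.51.100.9", "TCP", 445),   # SMB probe from the internet
    ("203.0.113.99", "ICMP", 0),    # ping
]

# Explicit LAN ranges: ip_address.is_private also matches the
# documentation ranges used above, so it is not used here.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
DHCP_PORTS = {67, 68}
WINDOWS_SHARE_PORTS = {137, 138, 139, 445}
TORRENT_PORTS = range(6881, 6890)  # 6881-6889, the range named in the thread


def classify(src, proto, port):
    """Return a coarse label explaining why an entry was probably blocked."""
    addr = ipaddress.ip_address(src)
    local = any(addr in net for net in LAN_NETS)
    if proto == "ICMP":
        return "ping/icmp"
    if local and proto == "UDP" and port in DHCP_PORTS:
        return "local dhcp"
    if local and port in WINDOWS_SHARE_PORTS:
        return "local file sharing"
    if local:
        return "other local traffic"
    if port in TORRENT_PORTS:
        return "torrent peers"
    if proto == "TCP" and port == 22:
        return "ssh attempts"
    return "unsolicited internet traffic"


def summarize(entries):
    """Count blocked entries per label, most common first."""
    return Counter(classify(*e) for e in entries).most_common()
```

Calling `summarize(SAMPLE_LOG)` returns the per-label counts; only the last label and the SSH attempts are traffic from strangers, the rest is local or self-inflicted noise.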
 

bjc112

Lifer
Dec 23, 2000
Originally posted by: n0cmonkey
Looking at the logs is worthless if you don't understand what you are looking at. I'm betting a high rate of false positives.


I agree.. Zone Alarm is pretty touchy.. Reports damn near everything..
 

Zero Plasma

Banned
Jun 14, 2004
Okay guys, I've been busy. This computer is not behind a router, it's just plugged directly into a DSL modem.
 

Maluno

Senior member
Mar 28, 2005
Originally posted by: bjc112
Originally posted by: n0cmonkey
Looking at the logs is worthless if you don't understand what you are looking at. I'm betting a high rate of false positives.


I agree.. Zone Alarm is pretty touchy.. Reports damn near everything..

Which is why it is an excellent program.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: Maluno
Originally posted by: bjc112
Originally posted by: n0cmonkey
Looking at the logs is worthless if you don't understand what you are looking at. I'm betting a high rate of false positives.


I agree.. Zone Alarm is pretty touchy.. Reports damn near everything..

Which is why it is an excellent program.

Not really. Reporting nothing is better than reporting everything when the person watching the reports knows nothing. ;)
 

JustAnAverageGuy

Diamond Member
Aug 1, 2003
Originally posted by: n0cmonkey
Not really. Reporting nothing is better than reporting everything when the person watching the reports knows nothing. ;)

Personally, I'd rather know I screwed up my security than think I was safe when the network was totally open.

Paranoid > false sense of security.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: JustAnAverageGuy
Originally posted by: n0cmonkey
Not really. Reporting nothing is better than reporting everything when the person watching the reports knows nothing. ;)

Personally, I'd rather know I screwed up my security than think I was safe when the network was totally open.

Paranoid > false sense of security.

But what good do those alerts do you if you don't understand them? They're just going to freak out some grandma that thinks she is being hacked when someone pings her. :roll:
 

Pr0d1gy

Diamond Member
Jan 30, 2005
Originally posted by: JustAnAverageGuy
Originally posted by: n0cmonkey
Not really. Reporting nothing is better than reporting everything when the person watching the reports knows nothing. ;)

Personally, I'd rather know I screwed up my security than think I was safe when the network was totally open.

Paranoid > false sense of security.

Format every few weeks > Buying $100-200 of security software...lol
 

Pr0d1gy

Diamond Member
Jan 30, 2005
Originally posted by: alm4rr
34168 since install blocked
2946 have been high rated

That would be insanely high for a year, much less that amount of time.