A firewall controls network traffic and serves two basic purposes:
- Prevent incoming communications that you did not request from entering your computer;
- Monitor what programs on your computer are allowed to communicate out.
The firewall does this by enforcing an access control policy to permit or block (allow or deny) inbound and outbound traffic. Thus, the firewall acts as a central gateway for such traffic by denying illegitimate transfers and facilitating access which is deemed legitimate. The goal of the firewall is to prevent remote computers from accessing yours and provide notification of any unrequested traffic that was blocked along with the IP address. Keep in mind, however, that a firewall is not a panacea to solve all of your security problems. If you open ports through your firewall to allow access to an infected machine, then the firewall is no longer relevant.
If your firewall provides an alert which indicates it has blocked access to a port or detected an intrusion attempt, that does not necessarily mean your system has been compromised. These alert messages are a response to unrequested traffic from remote computers (an external host) attempting to access a port on your computer. Alerts are often classified by the network port they arrive on, and they allow the firewall to notify you in various ways about possible penetration and intrusion attempts on your computer. Even if the port is open, the alert message indicates that your firewall has blocked the attempt to access it.
It is not unusual for firewalls, IP blocking software (e.g. PeerBlock) and some anti-virus programs to provide numerous alerts regarding probing and intrusion attempts to access your computer. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports (commonly probed ports), and make repeated attempts to access them.
Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Your security software is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts. For more information about Port Scanning, please refer to Port Scanning Basic Techniques.
However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there, so you may need to investigate an attempted intrusion. If your computer is sending out large amounts of data, that can indicate that your system may have a Trojan.
If the alerts become too annoying, you should be able to go into your firewall/anti-virus settings and lower them or turn them off (Hide notification messages).
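One way to make sense of a pile of such alerts before lowering or hiding them is to group the blocked inbound attempts by source address and by the port they arrived on. The following is an added example, not part of the original page: the log format, the sample lines and the `SCAN_THRESHOLD` cutoff are all constructed assumptions and do not correspond to any particular firewall product.

```python
from collections import defaultdict

# Constructed sample log (assumed format, not from a real product):
# time action direction protocol src_ip dst_ip dst_port
SAMPLE_LOG = """\
10:00:01 BLOCK IN TCP 203.0.113.7 192.168.1.10 22
10:00:01 BLOCK IN TCP 203.0.113.7 192.168.1.10 23
10:00:02 BLOCK IN TCP 203.0.113.7 192.168.1.10 445
10:00:03 BLOCK IN TCP 203.0.113.7 192.168.1.10 3389
10:05:10 BLOCK IN TCP 198.51.100.20 192.168.1.10 445
10:06:11 BLOCK IN TCP 198.51.100.20 192.168.1.10 445
10:07:00 BLOCK IN ICMP 192.0.2.1 192.168.1.10 -
10:08:30 ALLOW OUT TCP 192.168.1.10 198.51.100.99 443
malformed line
"""
FIELDS = ("time", "action", "direction", "proto", "src", "dst", "dport")
SCAN_THRESHOLD = 4  # distinct ports from one source (assumed cutoff)

def parse(log_text):
    """Yield one dict per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def summarize_blocked_inbound(log_text):
    """Group blocked inbound attempts by source and label each source."""
    ports, hits = defaultdict(set), defaultdict(int)
    for rec in parse(log_text):
        if rec["action"] != "BLOCK" or rec["direction"] != "IN":
            continue  # only unrequested traffic the firewall stopped
        hits[rec["src"]] += 1
        if rec["dport"].isdigit():  # ICMP has no port ("-")
            ports[rec["src"]].add(int(rec["dport"]))
    report = {}
    for src, count in hits.items():
        distinct = sorted(ports[src])
        if len(distinct) >= SCAN_THRESHOLD:
            kind = "port scan"  # one host walking many ports
        elif count > 1:
            kind = "repeated probe"  # same host retrying
        else:
            kind = "single unrequested packet"  # often benign
        report[src] = {"attempts": count, "ports": distinct, "kind": kind}
    return report

if __name__ == "__main__":
    for src, info in summarize_blocked_inbound(SAMPLE_LOG).items():
        print(src, info)
```

Every entry in the report was already blocked; the labels only help decide which sources are routine background scanning and which are worth a closer look.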