How do you read firewall logs?


8 replies to this topic

#1 James T Kirk

James T Kirk

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:StarSystem 4
  • Local time:02:05 PM

Posted 28 January 2014 - 03:01 AM

hello everybody.
hope your day is going well.
 
i was just wondering if anybody knew how to read firewall logs.
i want to make sure i understand this essential part.
 
this is an important element that you should do.
 
thank you




#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:05 AM

Posted 28 January 2014 - 06:05 AM

i was just wondering if anybody knew how to read firewall logs.
i want to make sure i understand this essential part.

Yes, this was part of 2 years of security training.

If you expect to learn it from 1 post, you are very mistaken.

 

I have fed you many articles, that you have most likely not fully read (or scanned) yet -

 

Start with Make of Computer / Model of Operating System ? (XP) / Make of Router ? / Firewall program (free or paid version) ? / Your other installed security programs / and Hosts file Version / and a few more specific items that are needed.

 

As this is most likely to do with your "Shadow Hacker", posting more and more questions will not help you.
Posting 1 or 2 replies to the other topics would be much better.

 

Also learn to read TCPview and Wireshark results I have left you, as they are more accurate.

 

As answered, "if you will not take any of the advice offered, then your best hope is Google -

 

 

Since your level of IT knowledge is limited (by the series of posts you have made) you will not understand.

 

Very basic from 2001 from Z Net : Note that things have changed a lot since then.

 

One "simple current Google post"..from How to read Firewall Logs - About 5,710,000 results (0.21 seconds)
From IT World - July 20, 2013, 1:55 PM — Firewall logs always contain far too much data for you to look into. With the likelihood that you're collecting millions -- if not tens of millions -- of records every day, you don't stand a chance of gathering meaningful insights from them unless you summarize or extract meaningful content. In today's post, we're going to look at a simple script that will tell you, given a list of known hostile addresses, whether any of them have connected to your systems (whether they initiated the connections or not) and how many times this has happened.

 

A formula was then added that you would not understand -

 

Saved for last -

Now here is The most simple version you will ever read



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:05 PM

Posted 28 January 2014 - 09:02 AM

How to Read a Windows Firewall Log
These are some resources which may help.

Interpreting the Windows Firewall Log
Read your firewall logs!
Overview of the Windows Firewall Security Log File in Windows XP

Firewall Log Tools
WinFirewallLogAnalyser
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
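
Added example (not part of any post in this thread, and not the IT World script quoted in post #2): one way to do the summarizing that post describes, applied to the Windows Firewall log that post #3 points to. The sample log, the watch list and the function names are constructed for illustration; the column names come from the log's own #Fields header.

```python
from collections import Counter

# Constructed sample in the Windows Firewall (pfirewall.log) layout; addresses are
# from documentation ranges and are not real indicators.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2014-01-28 03:01:10 DROP TCP 203.0.113.7 192.168.1.20 4431 445 48 S 1553611980 0 65535 - - -
2014-01-28 03:01:12 DROP TCP 203.0.113.7 192.168.1.20 4432 139 48 S 1553611999 0 65535 - - -
2014-01-28 03:02:40 OPEN TCP 192.168.1.20 198.51.100.9 1045 80 - - - - - - - -
2014-01-28 03:02:55 CLOSE TCP 192.168.1.20 198.51.100.9 1045 80 - - - - - - - -
2014-01-28 03:03:01 OPEN UDP 192.168.1.20 192.168.1.1 1046 53 - - - - - - - -
2014-01-28 03:04:17 DROP ICMP 203.0.113.7 192.168.1.20 - - 60 - - - - 8 0 -
truncated line
"""

HOSTILE = {"203.0.113.7", "198.51.100.9"}  # constructed watch list


def parse_firewall_log(text):
    """Yield one dict per entry, using the column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def hostile_hits(text, hostile):
    """Count entries per (watched address, direction, firewall action)."""
    hits = Counter()
    for entry in parse_firewall_log(text):
        if entry["src-ip"] in hostile:  # the watched address sent the traffic
            hits[(entry["src-ip"], "from_hostile", entry["action"])] += 1
        if entry["dst-ip"] in hostile:  # this machine talked to the watched address
            hits[(entry["dst-ip"], "to_hostile", entry["action"])] += 1
    return hits


if __name__ == "__main__":
    for (ip, direction, action), n in sorted(hostile_hits(SAMPLE_LOG, HOSTILE).items()):
        print(f"{ip:15} {direction:12} {action:5} {n}")
```

DROP entries from a watched address mean the firewall blocked it; OPEN or CLOSE entries to a watched address mean this machine made an outbound connection to it, which is the case worth following up first.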

#4 James T Kirk

James T Kirk

Posted 29 January 2014 - 01:35 AM

noknojon hi,
 
it is a security risk to tell you or let it be known to others what security programs that i am running and what type of devices and system that i am running and have, because that can be used to help them better access my computer and to know what obstacles or what they have to get around to do so.
that is why i did not want to tell you the security check -- the only thing that that does is to make me more "vulnerable"
 
maybe i will make myself more  "vulnerable" and an easier "target" and tell you/others this information (maybe info in a pm to you), but first, before i tell you this info, what programs or tools are some of the ones that are good for preventing hckers?
 
dell latitude d630, xp.
what is a Hosts file Version?
 
i just found out it might not be a hcker. it is only a "server". have you ever heard of the "unvanquished server"?
do you know of ANY reason why an "additional" server needs to be created?
 
i didn't know that firewall logs were THAT lengthy. ok, so all you need to do is to create a program then. the question that i WAS then going to ask:
so do you have to create you own program or is there one that you can use?
 
how's a'you'sa doin' ? :welcome:

quietman7

 
wow, you're awesome :hysterical:

quietman7

 
you have answered so many questions and helped me so much!!!!!!!!!!!!!!!!! :lmao:
thank you thank you thank you thank you thank you thank you thank you thank you
 
--cAptain KIrk :tophat:
UNknown

Edited by James T Kirk, 29 January 2014 - 01:36 AM.


#5 noknojon

noknojon


Posted 29 January 2014 - 06:23 AM

it is a security risk to tell you or let it be known to others what security programs that i am running and what type of devices and system that i am running and have

It is a dream, not a security risk, when you will not let others help you secure your system better.

 

In future can you please list what you mean by "hckers" or spell the word correctly.

Or are you afraid the extra letter in the word Hacker will make you look silly, or wake up a hidden Hacker ?

 

Your problem sounds like someone (even you) has created a second user account and it was never removed.
Do you know how to remove a user account once created ??

 

It seems that much of the problem dates back to your XP Install; "BootMGR is Missing" Error topic.

I suspect these are your "phantom Hackers" that You created in this topic.

The exact version, I am not sure of, but use these to Delete the Phantom Hacker.

Microsoft Windows XP - Delete a user account
Microsoft Windows XP - Delete a user profile
Remove User Accounts from the Login Screen in Windows XP
How to Delete User Accounts in Windows
Removing user accounts in Windows XP and Vista



#6 quietman7

quietman7


Posted 29 January 2014 - 09:00 AM

Hundreds of folks come to BC for help every day. As part of our assistance, we ask them to run a variety of tools, many of which provide a lot of system information. If that were a security risk, we would not be doing it.

By policy we do not provide help via PM as it defeats the purpose of forums and prevents others learning from the information.

#7 noknojon

noknojon


Posted 29 January 2014 - 03:38 PM

I almost forgot your other question -

Re: Hosts file

The Hosts File and what it can do for you - Bleeping Computer by Lawrence Abrams (a.k.a. Grinler)

 

To reset the Hosts file back to the default automatically, click the Fix it button or link, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard. Microsoft Fix it 50267 =>  http://go.microsoft.com/?linkid=9668866
Note: If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD and then run the automatic fix on the computer that has the problem.

 

Thank You -



#8 James T Kirk

James T Kirk

Posted 30 January 2014 - 01:24 AM

hi there 
noknojon
 
nope, just checked. there is only one user account. the other one is a guest and the account is turned off.
 
so if you have a trojan, then that means that someone has gotten into your computer?
 
it is not hijacking or redirecting me to another site, so i don't see as how this will "fix" anything.
 
 thanks for the reply, 
quietman7
 
the program for zonealarm firewall log reader was not there -- it didn't exist, as account may have lapsed or something and now the web site is something else. how would i look this up for finding one, what would they be called, or what word should i use to search for one? :bounce:
 
i will try to find a program that finds my system vulnerabilities first :notme:
 
--cAptain KIrk
UNknown mYSTeRies


#9 quietman7

quietman7


Posted 30 January 2014 - 07:17 AM

i will try to find a program that finds my system vulnerabilities first

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector