1 / 38

Active Ports 1.4 ZoneLog

Active Ports 1.4 ZoneLog. Active Ports Overview. What it does Where to get it Why use it How to use it Screen Shots Observations Lessons Learned. What Active Ports Does. Monitor TCP/UDP activity Maps processes to specific ports Easy to kill processes. Where to get it.

Download Presentation

Active Ports 1.4 ZoneLog

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Active Ports 1.4ZoneLog

  2. Active Ports Overview • What it does • Where to get it • Why use it • How to use it • Screen Shots • Observations • Lessons Learned

  3. What Active Ports Does • Monitor TCP/UDP activity • Maps processes to specific ports • Easy to kill processes

  4. Where to get it • http://www.ntutility.com/freeware.html • http://www.download.com

  5. Why use it • Live analysis • Monitor what systems access the Internet • Detect Trojans and other malware

  6. How To Use It • Setup and Go

  7. Observations • Simple and easy to use • Not very robust • Little documentation • Doesn’t always find the remote IP

  8. Lessons Learned • Simple tool for live analysis • Must know what should be open

  9. ZoneLog

  10. ZoneLog Overview • What it does • Where to get it • Why use it • How to use it • Screen Shots • Observations • Lessons Learned

  11. Where to get it • http://zonelog.co.uk/

  12. Why use it • Zone Alarm does not have a good log viewer • Get a lot more info than Zone Alarm offers

  13. What it does • Incident Response • Helps interpret Zone Alarm log file • Gives information on data being blocked

  14. How to use it • Download VB6 runtime files • Download application • Find ZAlog.txt • C:\WINDOWS\Internet Logs

  15. Observations • Not all data about attack is true • Not all features are useful • Activity graph • Good documentation

  16. Lessons Learned • Lots of harmless traffic • Big improvement over ZA log viewer

More Related