I recently got Zone alarm(never worried about security much cause I am a peon and have no great secrets). According to my log I have been pinged 327 times since then so I got Visual Zone Utility to find out who was doing it(great utility it backtraces and can find out names and street addresses of intruders). Most of the things seemed relatively normal except one location got me 130 times. This seems excessive so ought I worry or is this normal?
I wouldn’t worry about it…
I’ve had Zone Alarm for a couple of years, and I get pinged about every five minutes or so… some of the pinging is probably from your ISP, others may be attempts to see if you are online for various programs (ICQ, any Gnutella-type thingy, etc.). I highly doubt that anyone is trying to hack you… but if so, that’s WHY you have Zone Alarm!
I have changed the title of this thread from should I worry about this? to should I worry about being pinged? In the future, please choose more descriptive thread titles.
If you are using Zonealarm, then you have no reason to worry. Even if the source is completely malicious, Zonealarm is preventing the ping response so the originator won’t even know you exist.
Yeah, ZoneAlarm is great, but pings are pretty harmless in themselves. They’re just a way of determining if a machine is existent at that address and if certain ports are responsive. ZA sends the pings down a blackhole, essentially making your machine invisible until it initates contact.
If one location is pinging you multiple times … I still woudn’t worry, even if you were without a firewall. 130 pings from one place doesn’t a DoS (Denial of Service, or flooding) attack make, just a rather stupid computer that handles failure to respond to pings badly. Bizarre, perhaps, but probably not malicious.
The Internet has a lot of background noise that ZA happily logs for your edification. Most of it is perfectly harmless. Some of it is malformed, but not malicious. Few packets going down the pike are sent with malicious intent. ZA makes your machine ignore all of it unless you specifically say otherwise, a great security policy (deny all that is not explicitly allowed). So don’t worry about any of it.
A page on firewall forensics. Fascinating reading. It has links to various attacks and how they work. ZA protects you from all of them by simply refusing to respond to such packets. Stop worrying.