M
Mean_Chlorine
Yeah, I guess this may not be the right newsgroup, but it's the
closest thing I could find.
Anyway, I've got Norton Personal Firewall installed, and oh-my-lord!
is it highly strung!
Today, an ordinary day, I've had, oh, about 50 alerts. Sure, many of
them them were script-kiddies blindly scanning for open ports by
stepping through the IP hierarchy, but a large proportion of alerts
were completely bogus.
For instance, one website I regularly visit, which doesn't use java,
activeX or even cookies, and which I happen to know is 130% safe, has
three times been accused of mounting a DOS attack on my computer, and
connection to it refused for 30 minutes at a time. Apparently a
fragmented package made NPF panic.
My favourite, though, was the time NPF claimed my computer mounted a
DOS attack _on itself_. Yes, my local website got disconnected from
the net by NPF for 30 minutes, for having tried to DOS itself. Thank
you, NPF. Well done. Have a biscuit.
And if it isn't bogus DOS attacks, it's bogus IIS attacks.
And is it *really* necessary to inform me every time some goddamn
korean script-kiddie tries to scan my ports? I mean, it's not like
they pose any threat!
If someone from Symantec by some odd quirk of fate would happen to
read this, you REALLY must add blinking _!_ alerts for every piece of
junk mail I receive too. Then I'll REALLY feel I'm getting my money's
worth of protection!
Bah!
So - anyone know of some way to get NPF to chill a bit, and ignore,
say, DOS attacks and portscans, and only inform when there's an actual
problem with security?
And no, just setting reporting tolerance to 'high' doesn't cut it. It
still locks out innocent "DOS attacking" sites (occasionally my own),
and it still gives me a permanently blinking red ! in the taskbar.
closest thing I could find.
Anyway, I've got Norton Personal Firewall installed, and oh-my-lord!
is it highly strung!
Today, an ordinary day, I've had, oh, about 50 alerts. Sure, many of
them them were script-kiddies blindly scanning for open ports by
stepping through the IP hierarchy, but a large proportion of alerts
were completely bogus.
For instance, one website I regularly visit, which doesn't use java,
activeX or even cookies, and which I happen to know is 130% safe, has
three times been accused of mounting a DOS attack on my computer, and
connection to it refused for 30 minutes at a time. Apparently a
fragmented package made NPF panic.
My favourite, though, was the time NPF claimed my computer mounted a
DOS attack _on itself_. Yes, my local website got disconnected from
the net by NPF for 30 minutes, for having tried to DOS itself. Thank
you, NPF. Well done. Have a biscuit.
And if it isn't bogus DOS attacks, it's bogus IIS attacks.
And is it *really* necessary to inform me every time some goddamn
korean script-kiddie tries to scan my ports? I mean, it's not like
they pose any threat!
If someone from Symantec by some odd quirk of fate would happen to
read this, you REALLY must add blinking _!_ alerts for every piece of
junk mail I receive too. Then I'll REALLY feel I'm getting my money's
worth of protection!
Bah!
So - anyone know of some way to get NPF to chill a bit, and ignore,
say, DOS attacks and portscans, and only inform when there's an actual
problem with security?
And no, just setting reporting tolerance to 'high' doesn't cut it. It
still locks out innocent "DOS attacking" sites (occasionally my own),
and it still gives me a permanently blinking red ! in the taskbar.