 BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
GWF's, useless logs, and abuse desks.
GWF's (Goobers with firewalls), and logs that are missing key information seem to be a big problem these days.
Inexperienced users reporting someone pinging them as a 'DOS Attack', and logs which don't include key information like time, date, protocol, port, etc. are really taking away from the real reports of people abusing the service.
I recently saw some logs from a version of SyGate, and they didn't even include the TCP port in the logs, which makes them useless. How can an abuse desk take reports seriously if they don't even include the port?
-- My hourly rates: $25 per hour. $35 per hour if you want to watch. $45 per hour if you want to help. $75 per hour if you tried to fix it, and failed.
reaver221 join:2003-05-08 Cincinnati, OH
Re: GWF's, useless logs, and abuse desks.
I agree with you, most firewall logs flat out suck.
Even in firewalls targeted at power users, the scare tactics used in the logs amaze me. E.g., in Kerio 2.x, discarded ACK packets are logged as "ACK packet attack." WTF?
BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
Re: GWF's, useless logs, and abuse desks.
I use Kerio, and I don't log that ACK packet crap. I personally can't believe they did that, as they are mostly just timed-out packets to previously listening ports. All of my rules are custom except for the setting to block non-listening ports, which shows up as 'packet to unopened port received'.
However, yes, many firewalls use terms which are completely bull.
[text was edited by author 2003-08-06 17:47:35]
reaver221 join:2003-05-08 Cincinnati, OH
Heh. ACK packets get logged if you tell Kerio to log any packets it drops due to internal (hard-coded) rules. I turned that 'feature' on because I'd like things like dropped XMAS packets to get logged. Blah. [/rant]
LowWaterMark Premium join:2002-05-16 Wallingford, CT
It's unfortunate that, in their haste to capture market share, the personal software firewall vendors have helped to build up so much hype regarding how their products have defended people's systems from so many "attacks".
People who have no other information source are going to believe it, of course, and if they do figure out how to send their alerts to their ISPs, then, well, that's where this problem just keeps getting worse and worse.
There are millions of people with these types of firewalls, and even if only a small percentage send in reports, I'm sure it overwhelms the abuse depts. Which means when there is a real need to report something, the chance of the serious report getting through to the right people is a lot less.
I guess that's why I prefer the use of joint reporting, like what myNetwatchman does. If they get recognized by more and more ISPs as only sending in serious reports, then at least something can be done.
-- Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily!
BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
Re: GWF's, useless logs, and abuse desks.
Many of the programs are popular, but I think that users should demand full logs from their firewalls. If not, boycott them, but many people do not even understand the logs so they don't care.
myNetwatchman is a useful service, and more people should use it if they are serious about reporting events.
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
Re: GWF's, useless logs, and abuse desks.
said by BlitzenZeus: Many of the programs are popular, but I think that users should demand full logs from their firewalls. If not, boycott them, but many people do not even understand the logs so they don't care.
myNetwatchman is a useful service, and more people should use it if they are serious about reporting events.
Even with full logs from firewalls most folks can't understand them, or even WHAT to report. I just use MyNetWatchman and keep these links handy for anyone who doesn't totally understand what is in those logs and wants to report (or even interpret) them.
MyNetWatchman: www.mynetwatchman.com/
DShield.org: www.dshield.org/
-- It takes a disaster to make a woman out of a female
B Premium,MVM join:2000-10-28
I guess I'm not as geeky as I feared. I thought "GWF" was Gay White Female. Not that there's anything wrong with that.
-- B
jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA
BZ,
Now, how the heck did this thread get this far without anyone ever defining a minimum set of information to be included in any sort of usable log?
As I recall, there actually is a standard for this. Unfortunately, it went up in smoke on my old favorites list. I thought it was an IETF working group product, but a quick scan didn't turn it up. Perhaps it's from w3c.org?
I hate it when I lose a huge list of bookmarks!
-- Regards, Joseph V. Morris
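As an added illustration of the minimum-information point raised in this post and in BlitzenZeus's opening post (example code, not from any poster in the thread), here is a small Python triage script that flags log lines lacking the fields an abuse desk needs and downgrades stray ACKs and lone pings to noise. The key=value log format, the constructed sample lines, and the inclusion of source/destination addresses in the required set are assumptions, not any real firewall's output.

```python
import re

# Constructed sample log in a generic key=value style (not real SyGate/Kerio output);
# line 4 has no timestamp, line 2 is a stray ACK, line 3 is a plain ping.
SAMPLE_LOG = """\
2003-08-06 17:47:35 proto=TCP src=192.0.2.10 dst=198.51.100.5 dport=135 flags=SYN action=DROP
2003-08-06 17:47:36 proto=TCP src=192.0.2.10 dst=198.51.100.5 dport=1025 flags=ACK action=DROP
2003-08-06 17:48:01 proto=ICMP src=192.0.2.77 dst=198.51.100.5 type=8 action=DROP
proto=UDP src=192.0.2.99 dst=198.51.100.5 action=DROP
2003-08-06 17:49:10 proto=UDP src=192.0.2.99 dst=198.51.100.5 dport=137 action=DROP
"""

TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")
# Minimum fields an abuse desk needs: the thread names time, date, protocol and port;
# source/destination addresses are an assumption added here.
REQUIRED = ("ts", "proto", "src", "dst")

def parse_line(line: str) -> dict:
    """Split one log line into a dict; a leading date+time goes under 'ts'."""
    tokens = line.split()
    fields = {}
    if len(tokens) >= 2 and TS_RE.match(" ".join(tokens[:2])):
        fields["ts"] = " ".join(tokens[:2])
        tokens = tokens[2:]
    for tok in tokens:
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
    return fields

def triage(fields: dict) -> tuple:
    """Return (verdict, reason); verdict is 'unusable', 'noise' or 'reportable'."""
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        return "unusable", "missing " + ", ".join(missing)
    proto = fields["proto"].upper()
    if proto in ("TCP", "UDP") and "dport" not in fields:
        return "unusable", "no destination port for " + proto
    if proto == "TCP":
        flags = set(fields.get("flags", "").upper().split(","))
        if "ACK" in flags and "SYN" not in flags:
            # Bare ACKs to a closed port are usually late packets from a timed-out session.
            return "noise", "stray ACK to a closed port, likely a timed-out session"
    if proto == "ICMP" and fields.get("type") == "8":
        return "noise", "single ICMP echo request (a ping), not a DoS"
    return "reportable", "has timestamp, protocol, addresses and port"

def triage_log(text: str) -> list:
    """Triage every non-empty line of a log dump."""
    return [triage(parse_line(ln)) for ln in text.splitlines() if ln.strip()]
```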
safemode @edu.my
"Add another to the worthless logs list, Outpost... The logs don't even record the local port for tcp and udp communications,..."
If I understand you correctly, look for "Add/Remove Columns" in the 'View' menu and it will display what item you want it to show.