Most quotes are from jtw00:
"I've just purchased ZA pro. Seems to have a lot of options. I tried blocking the whole netblock the alerts are coming from but unfortunately I am in it."
You must not block your ISP's DNS (domain name server) and mail server IPs. If you don't know what IPs they are, these instructions are for dial-up, Win*X:
DNS IPs; My Computer- Dial-Up Networking- right click ISP- properties- Server Types- TCP/IP Settings
Mail server IP; try a whois on mail.yourISP.com
If above doesn't work for you, you can call ISP techie.
"If there is a worm in the netblock, wouldn't the isp want to know?"
Maybe. My old ISP didn't give a shi~. But, you could contact your ISP and offer your firewall logs. I found a worm in a biz network not long ago. Sysadmin was happy I alerted him but sad it was in his network. Took him 2 weeks to kill it in all his comps.
"While looking for ZA pro I came across an alert about a vulnerability in ZA. [url]http://www.securitynewsportal.com/a...=thread&order=0[/url] "
Interesting link...
This is a Win*X OS vulnerability (Thanks Bill) whereby any running process can be terminated without any warning to user. A remote control backdoor already exploits this Win OS flaw and can kill several firewalls and anti-virus progs if it gets in your comp. Don't let it in.;-) Be careful what progs you give firewall permission to. Don't click on cracker links.
"Maybe all the more reason to find out if a worm exists in netblock."
Like Mr Byte says: "In **% of the cases I just ignore such portscans because they cannot affect the security and connectivity of my system. In *% of the cases, where I see that the attacker is dedicated and/or dangerous, or he/she is flooding my system, I might decide to report the case, or just counterattack."
I think most of these hits are machine generated- not a guy at a keyboard attacking you personally.
If you've got a good firewall, anti-virus, you can relax a little. For me, a good packet sniffer is also indispensable.
[url]http://www.tamos.com/products/commview/[/url]
P.S.
I didn't mention the name of the "terminate process" trojan because all kinds of people read this forum- hackers, crackers, script kiddies, virus writers, sysadmins, LEA, government agents, gurus, newbies... let the bad guys find their own tools.
Also, if you have a really crappy ISP, he might scan you from DNS and/or mail IPs; but, ZA will catch it.
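
An added example, not part of the original post: a way to block a noisy netblock without cutting off the ISP's DNS server, mail server, or your own address when they sit inside it. The function names are hypothetical and every address is a constructed sample from the documentation ranges.

```python
import ipaddress

def conflicts(netblock, keep_open):
    """Return the keep-open addresses that a block on `netblock` would cut off."""
    block = ipaddress.ip_network(netblock, strict=False)
    hits = []
    for addr in keep_open:
        ip = ipaddress.ip_address(addr)
        if ip.version == block.version and ip in block:
            hits.append(addr)
    return hits

def blockable_ranges(netblock, keep_open):
    """Split `netblock` into CIDR ranges that cover everything in it
    except the addresses listed in `keep_open`."""
    ranges = [ipaddress.ip_network(netblock, strict=False)]
    for addr in keep_open:
        host = ipaddress.ip_network(addr)  # single address: /32 or /128
        updated = []
        for net in ranges:
            if host.version == net.version and host.subnet_of(net):
                # address_exclude yields the pieces of `net` left over
                # once `host` is carved out (nothing if net == host)
                updated.extend(net.address_exclude(host))
            else:
                updated.append(net)
        ranges = updated
    return sorted(ranges)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread
    noisy_block = "203.0.113.0/24"
    keep = {
        "203.0.113.53": "ISP DNS",
        "203.0.113.25": "ISP mail server",
        "203.0.113.200": "my own dial-up address",
        "198.51.100.1": "outside the block, unaffected",
    }
    for addr in conflicts(noisy_block, keep):
        print(f"would be cut off: {addr} ({keep[addr]})")
    for net in blockable_ranges(noisy_block, keep):
        print(f"safe to block: {net}")
```

Each printed range can go into the firewall's blocked zone as a separate entry; dial-up addresses change between sessions, so the own-address entry needs rechecking after each reconnect.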