PDA

View Full Version : Identify IP address after firewall alert



06-04-2002, 03:37 PM
When my firewall reports an alert how can I identify the IP address. Something in a recent PC World I think?

06-04-2002, 04:08 PM
which firewall?

there are heaps of tracing progs and firwall addons. have a look at www.wilders.org

06-04-2002, 04:32 PM
If you are using ZoneAlarm it lets you track the source but I wouldn't do it. Sufficient that you intercepted the probe. Tracking it back to source might just pass on information you don't want them to have.

Cheers

Billy 8-{)

06-04-2002, 08:54 PM
There was in F1 sometime ago a link for a freeware tracing program that worked for Blackice and ZA and gave a ton of information about the scanner. For the life of me I cannot find the link right now.

Another tracing program would be SmartWhoIs which can give the isp address etc.

The one thing you don't want to do is try directly the IP address that ZA or which ever firewall it is you are using. You don't know what sort of nasty surprise might be waiting for you.

If I can locate the link for the program mentioned above I will post it.

06-04-2002, 10:10 PM
<http://www.visualizesoftware.com/>

Try the above link for a freeware download for both ZA and Blackice that gives heaps of info about scans and also has (did have) reporting options etc for serious scans

07-04-2002, 11:22 AM
Thanks for the advice - I'll steer clear of the actual location.
I really just want to know if it's coming from , say, Microsoft or Xtra or if it's a likely hacker
The article I remember said they could identify the domain as , in their case, Clear.
ta again