[SpamCop-List] Re: news.spamcop triggered Firewall
Mike Easter
MikeE at ster.invalid
Wed Feb 25 15:53:28 EST 2004
Doug Thegarden wrote:
> Can anyone shed any light on this intrusion alert from my Norton
> Firewall?
-1- You are going to look awfully silly if you start asking around here
or elsewhere about every little bent packet that gets recorded in your
firewall logs - it's called 'goober [or idiot] with firewall'
-2- It is worthwhile to become educated about general internet traffic,
noise, hackers, and firewall forensics; but you should do it by
'pounding the books' or websites and spending your time in the
'trenches' - not by newsgroup asking about puzzling little firewall
entries.
http://www.robertgraham.com/pubs/firewall-seen.html
FAQ: Firewall Forensics (What am I seeing?)
-3- You would be much better off if you configured a log client to feed
your logs to someplace like DShield and MyNetWatchman than fretting and
puzzling over them - an organized and 'knowledgeable' system can do much
more than you can about putting true intrusions into proper perspective
and even notifying about them and ignoring the rest
http://www.dshield.org/ http://www.mynetwatchman.com/
-4- That's probably a 'misplaced' or 'misguided' news packet that got
lost.
> Source IP address: news.spamcop.net(216.154.195.61).
> TCP Source Port: nntp(119).
> TCP Header Flags: 0x00000039. Invalid.
--
Mike Easter
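
An added example, not part of the original message or of Norton's software: it parses the three alert lines quoted above and decodes the flags value 0x39 into named TCP flags. The `anomalies` rule set is this example's own heuristic; the page does not say which rule the firewall applied when it labelled the packet "Invalid".

```python
import re

# TCP flag bits in the low byte of the flags field (RFC 793 plus the ECN bits).
FLAG_BITS = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
             (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def decode_flags(value):
    """Return the names of the flags set in a TCP flags value."""
    return [name for bit, name in FLAG_BITS if value & bit]

def anomalies(value):
    """List reasons a flag combination is unusual (assumed rule set, not Norton's)."""
    f = set(decode_flags(value))
    found = []
    if not f:
        found.append("no flags set (null packet)")
    if {"SYN", "FIN"} <= f:
        found.append("SYN and FIN together")
    if {"SYN", "RST"} <= f:
        found.append("SYN and RST together")
    if {"FIN", "PSH", "URG"} <= f and not {"SYN", "RST"} & f:
        found.append("FIN, PSH and URG together")
    if "FIN" in f and "ACK" not in f:
        found.append("FIN without ACK")
    return found

def parse_alert(text):
    """Extract source IP, source port and flags from alert lines in the quoted format."""
    ip = re.search(r"Source IP address:.*?\((\d+\.\d+\.\d+\.\d+)\)", text)
    port = re.search(r"TCP Source Port:.*?\((\d+)\)", text)
    flags = re.search(r"TCP Header Flags:\s*0x([0-9A-Fa-f]+)", text)
    if not (ip and port and flags):
        raise ValueError("alert text is missing an expected field")
    value = int(flags.group(1), 16)
    return {"ip": ip.group(1), "port": int(port.group(1)),
            "flags": decode_flags(value), "anomalies": anomalies(value)}

# The three alert lines quoted in the message above.
ALERT = """Source IP address: news.spamcop.net(216.154.195.61).
TCP Source Port: nntp(119).
TCP Header Flags: 0x00000039. Invalid.
"""

if __name__ == "__main__":
    print(parse_alert(ALERT))
```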