To use ZoneLog Analyzer you must have ZoneAlarm, a popular free firewall for personal computers. ZoneLog Analyzer will also work with ZoneAlarm Pro, the commercial version. Both ZoneAlarm programs can be obtained at http://www.zonelabs.com. If you are concerned about protecting yourself from intrusions and attacks while online, a simple solution is to install a firewall. There are a number of commercial firewalls, but for the average computer user, who is not running mission-critical programs, I highly recommend ZoneAlarm. It has a log feature that records the blocked activity that takes place while you are online. The entries show the following information:
An example of the type of entry is:
FWIN: indicates that the firewall blocked an inbound packet of data coming to your computer. Some, but not all, of these packets are connection attempts. Keep in mind that the information in the ZoneAlarm log is only a guide: it is up to you, the user, to decide whether an attempted connection was a genuine threat or just background noise. The entry contains the information needed to find out where the packet came from (the source address and port, the port on your machine it was aimed at, and the protocol), and there are a number of third-party utilities that will decipher it. Bear in mind that the source address is only what the packet claims; it can be spoofed, and even when it is genuine it often identifies an infected or compromised machine rather than the person behind it.
One such utility, which is also free, is ZoneLog Analyzer. I found it simple to install and use. It is a 2MB download, takes up approximately 4MB on your hard drive, and runs on Win9x, NT and Win2000. It does have two requirements:
Once you have downloaded the ZoneLog file, it is simply a matter of double-clicking the zlsetup icon and you are away to the races.
A program group will be set up; before you run the program, it is recommended that you open the readme file. Next, I would drag the ZoneLog icon to your desktop to make a shortcut to the program.
Clicking the ZoneLog icon brings up the log screen, which imports the entries from your ZoneAlarm log. The entries are colour-coded, and the colours are identified in a box in the upper right-hand corner of the screen. The labels are Unknown, DoS, Outgoing, Harmless, Scan, Attack and Trojan, but again keep in mind that these are labels only and you must make the final analysis. In particular, a "Trojan" entry means someone probed a port that a known Trojan listens on; since the packet was blocked, it says nothing about whether your machine is actually infected.
Clicking any log entry takes you to the Log Entry Detail screen, which shows an Info box with details about the type of entry, a Source detail box, a Destination detail box and a Port Detail box.
The details form presents the log information for each entry in a way that makes it a little more understandable. A note in the top right corner describes the type of connection that was attempted and gives pointers on how to find out more.
The buttons at the top left let you move through the records of the main listing: First entry, Previous entry, Next entry and Last entry respectively.
Below these buttons are the date and time of the attack and the transport used (TCP, UDP or ICMP). There is also a field marked 'Type', which is the type of attack logged by ZoneAlarm; details of the type are given in the Information box.
The lower section of the form displays the Source and Destination details. If the attack was incoming, the Destination is your machine and the box is labelled to show this; if it was an attempt to connect to the net from your machine, then your machine is the Source, and that box is labelled as such.
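To show what ZoneLog Analyzer is doing with each FWIN/FWOUT entry, here is an added example that parses ZoneAlarm log lines into the source, destination, port and transport fields described above, works out which end is your machine, and applies a few of the labels from the main listing. This is illustration code written for this article, not code from ZoneLog Analyzer or Zone Labs. It assumes the comma-separated layout ZoneAlarm writes to its log file (type, date, time with GMT offset, source ip:port, destination ip:port, transport), which you should check against your own log, and the sample lines and the port-to-Trojan table are constructed for the example.

```python
"""Parse ZoneAlarm firewall log lines and apply coarse labels.

Added example, not part of the original article or of ZoneLog Analyzer.
The comma-separated layout assumed here (type, date, time with GMT
offset, source ip:port, destination ip:port, transport) should be
checked against your own ZoneAlarm log file.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = """\
FWIN,2001/10/12,21:03:17 -5:00 GMT,203.0.113.45:3245,192.168.1.10:27374,TCP (flags:S)
FWIN,2001/10/12,21:03:17 -5:00 GMT,203.0.113.45:3246,192.168.1.10:12345,TCP (flags:S)
FWIN,2001/10/12,21:03:18 -5:00 GMT,203.0.113.45:3247,192.168.1.10:31337,TCP (flags:S)
FWIN,2001/10/12,21:03:18 -5:00 GMT,203.0.113.45:3248,192.168.1.10:139,TCP (flags:S)
FWIN,2001/10/12,21:03:19 -5:00 GMT,203.0.113.45:3249,192.168.1.10:21,TCP (flags:S)
FWIN,2001/10/12,21:05:40 -5:00 GMT,198.51.100.7:0,192.168.1.10:0,ICMP (type:8/subtype:0)
FWOUT,2001/10/12,21:06:02 -5:00 GMT,192.168.1.10:1037,198.51.100.20:80,TCP (flags:S)
FWIN,2001/10/12,21:07:11 -5:00 GMT,198.51.100.99:1024,192.168.1.10:80,TCP (flags:S)
FWIN,2001/10/12,21:09:55 -5:00 GMT,198.51.100.150:4012,192.168.1.10:27374,TCP (flags:S)
"""

# Ports that remote-access Trojans of the era listened on. This table is an
# assumption for the example; ZoneLog Analyzer's own port table may differ.
TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}
SCAN_PORT_THRESHOLD = 5  # distinct destination ports from one source


@dataclass(frozen=True)
class Entry:
    kind: str       # FWIN (blocked inbound) or FWOUT (blocked outbound)
    date: str
    time: str       # includes the GMT offset, e.g. "21:03:17 -5:00 GMT"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str   # TCP, UDP or ICMP
    detail: str     # e.g. "flags:S" for TCP, "type:8/subtype:0" for ICMP

    @property
    def local_host(self) -> str:
        """Inbound: the destination is this machine; outbound: the source is."""
        return self.dst_ip if self.kind == "FWIN" else self.src_ip


def _split_endpoint(endpoint: str):
    ip, port = endpoint.rsplit(":", 1)
    return ip, int(port)


def parse_line(line: str) -> Entry:
    """Split one ZoneAlarm log line into its six fields."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 6 or fields[0] not in ("FWIN", "FWOUT"):
        raise ValueError(f"not a ZoneAlarm firewall entry: {line!r}")
    kind, date, time, src, dst, transport = fields
    src_ip, src_port = _split_endpoint(src)
    dst_ip, dst_port = _split_endpoint(dst)
    m = re.fullmatch(r"(\w+)\s*(?:\((.*)\))?", transport)
    if not m:
        raise ValueError(f"unrecognised transport field: {transport!r}")
    return Entry(kind, date, time, src_ip, src_port, dst_ip, dst_port,
                 m.group(1), m.group(2) or "")


def parse_log(text: str):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def scanning_sources(entries):
    """Sources that probed many distinct ports on this machine (no time window)."""
    ports = defaultdict(set)
    for e in entries:
        if e.kind == "FWIN":
            ports[e.src_ip].add(e.dst_port)
    return {ip for ip, p in ports.items() if len(p) >= SCAN_PORT_THRESHOLD}


def label(entry: Entry, scanners) -> str:
    """Coarse label in the spirit of the main listing; a guide, not a verdict."""
    if entry.kind == "FWOUT":
        return "Outgoing"
    if entry.src_ip in scanners:
        return "Scan"
    if entry.dst_port in TROJAN_PORTS:
        return "Trojan"      # a probe for that Trojan, not proof of infection
    if entry.protocol == "ICMP" and entry.detail.startswith("type:8/"):
        return "Harmless"    # echo request: an ordinary ping
    return "Unknown"


def classify(text: str):
    entries = parse_log(text)
    scanners = scanning_sources(entries)
    return [(e, label(e, scanners)) for e in entries]


if __name__ == "__main__":
    for e, lab in classify(SAMPLE_LOG):
        print(f"{lab:8} {e.kind:5} {e.src_ip}:{e.src_port} -> "
              f"{e.dst_ip}:{e.dst_port} {e.protocol} {e.detail}")
```

The scan check counts distinct destination ports per source across the whole file rather than within a time window, so a source that quietly probes one port a day would be labelled Unknown, and a noisy source that is really just a misconfigured peer would be labelled Scan; as the article says, the label is where your analysis starts, not where it ends.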
The Source and Destination boxes provide the following information:
Hopefully this program will help you make some sense of the "attacks", and the price is right: free.
I would like to leave you with a few more thoughts: