Active Ports 1.4
ZoneLog

Active Ports

Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen Shots
- Observations
- Lessons Learned

What Active Ports Does
- Monitor TCP/UDP activity
- Maps processes to specific ports
- Easy to kill processes

Where to get it
- http://www.ntutility.com/freeware.html
- http://www.download.com

Why use it
- Live analysis
- Monitor what systems access the Internet
- Detect Trojans and other malware

How To Use It
- Setup and Go

Observations
- Simple and easy to use
- Not very robust
- Little documentation
- Doesn't always find the remote IP

Lessons Learned
- Simple tool for live analysis
- Must know what should be open

ZoneLog

Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen Shots
- Observations
- Lessons Learned

Where to get it
- http://zonelog.co.uk/

Why use it
- Zone Alarm does not have a good log viewer
- Get a lot more info than Zone Alarm offers

What it does
- Incident Response
- Helps interpret Zone Alarm log file
- Gives information on data being blocked

How to use it
- Download VB 6 runtime files
- Download application
- Find ZAlog.txt
- C:\WINDOWS\Internet Logs

Observations
- Not all data about attack is true
- Not all features are useful
- Activity graph
- Good documentation

Lessons Learned
- Lots of harmless traffic
- Big improvement over ZA log viewer
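The Active Ports lesson "Must know what should be open" can be turned into a repeatable check. The following is an added example, not part of the original slides or of either tool: it parses text in the column layout of Windows `netstat -ano` and reports listening sockets that are not in a baseline. The sample output, PIDs and the baseline set are constructed for illustration.

```python
# Constructed sample in the `netstat -ano` column layout; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     1780
  TCP    [::]:135               [::]:0                 LISTENING       904
  UDP    0.0.0.0:500            *:*                                    688
  UDP    0.0.0.0:4444           *:*                                    2212
"""

# Hypothetical baseline: the (protocol, port) pairs this host is expected to have open.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 500)}


def parse_open_ports(text):
    """Return (proto, port, pid) for listening TCP sockets and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local, pid = parts[0], parts[1], parts[-1]
        # TCP rows carry a State column; UDP rows have none.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        port = local.rsplit(":", 1)[1]  # rsplit also handles [::]:135
        if port.isdigit() and pid.isdigit():
            found.append((proto, int(port), int(pid)))
    return found


def unexpected_ports(text, baseline):
    """Open ports absent from the baseline, deduplicated, with the owning PID."""
    return sorted({e for e in parse_open_ports(text) if (e[0], e[1]) not in baseline})


def missing_ports(text, baseline):
    """Baseline entries that are not open (an expected service is down)."""
    seen = {(proto, port) for proto, port, _ in parse_open_ports(text)}
    return sorted(baseline - seen)


if __name__ == "__main__":
    for proto, port, pid in unexpected_ports(SAMPLE_NETSTAT, BASELINE):
        print(f"not in baseline: {proto}/{port} owned by PID {pid}")
```

The PID in each finding is the process-to-port mapping that Active Ports shows interactively; resolve it to an image name before deciding whether to kill the process.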