Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Ports 1.4 ZoneLog.

Published byPamela Bäcker Modified over 6 years ago

Similar presentations

Presentation on theme: "Active Ports 1.4 ZoneLog."— Presentation transcript:

1 Active Ports 1.4 ZoneLog

2 Active Ports Overview What it does Where to get it Why use it
How to use it Screen Shots Observations Lessons Learned

3 What Active Ports Does Monitor TCP/UDP activity
Maps processes to specific ports Easy to kill processes

4 Where to get it http://www.ntutility.com/freeware.html

5 Why use it Live analysis Monitor what systems access the Internet
Detect Trojans and other malware

6 How To Use It Setup and Go

7

8

9

10

11

12 Observations Simple and easy to use Not very robust
Little documentation Doesn’t always find the remote IP

13 Lessons Learned Simple tool for live analysis
Must know what should be open

14 ZoneLog

15 ZoneLog Overview What it does Where to get it Why use it How to use it
Screen Shots Observations Lessons Learned

16 Where to get it

17 Why use it Zone Alarm does not have a good log viewer
Get a lot more info than Zone Alarm offers

18 What it does Incident Response Helps interpret Zone Alarm log file
Gives information on data being blocked

19 How to use it Download VB6 runtime files Download application
Find ZAlog.txt C:\WINDOWS\Internet Logs

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37 Observations Not all data about attack is true
Not all features are useful Activity graph Good documentation

38 Lessons Learned Lots of harmless traffic
Big improvement over ZA log viewer

Download ppt "Active Ports 1.4 ZoneLog."

Similar presentations

VirtualSim Inc. Real tools for virtual worlds Presentation.

VirtualSim Inc. Real tools for virtual worlds Presentation.
| | We make life more comfortable 1 TCP/IP Web HVAC Network Controller & Viewer.

| | We make life more comfortable 1 TCP/IP Web HVAC Network Controller & Viewer.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
FireClass FC501. What’s FC501 ? An entry level Triple Circuit Single Loop addressable system featuring Intelli-Zone mapping An “out of the box” panel.

FireClass FC501. What’s FC501 ? An entry level Triple Circuit Single Loop addressable system featuring Intelli-Zone mapping An “out of the box” panel.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Introduction to the Internet How did the Internet start? Why was the Internet developed? How does Internet handle the traffic? Why WWW changed the Internet.

Introduction to the Internet How did the Internet start? Why was the Internet developed? How does Internet handle the traffic? Why WWW changed the Internet.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.

Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Your solution to unsupervised practice, assessment, accountability.

Your solution to unsupervised practice, assessment, accountability.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoring The NetViewer Experiment PAVG in collaboration with Networking Systems.

Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoring The NetViewer Experiment PAVG in collaboration with Networking Systems.
PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.

Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.

China Science & Technology Network Computer Emergency Response Team Botnet Detection and Network Security Alert Tao JING CSTCERT,CNIC.
IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.

IDS Mike O’Connor Eric Tallman Matt Yasiejko. Overview IDS defined IDS defined What it does What it does Sample logs Sample logs Why we need it Why we.
4/20/2017 7:57 PM.

4/20/2017 7:57 PM.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
CYBERCOG Test Bed Overview. The Experiment Setup 2 Screens per analyst A common projector screen Experimenter observing the interactions and taking notes.

CYBERCOG Test Bed Overview. The Experiment Setup 2 Screens per analyst A common projector screen Experimenter observing the interactions and taking notes.
WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.

WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.

Similar presentations

Ads by Google