detecting malicious/unwanted connections RE: [thelist] remote administration utils

[Scott Schrantz]

> -----Original Message-----
> From: Chris W. Parker [mailto:cparker at swatgear.com]
>
> my original question had to do with remote administration
> utilities. now
> i'm wondering what tools there are available that would facilitate
> detecting unwanted traffic when using backdoor programs.
>
> for example, i know my ip address is a.a.a.a and i know the computer i
> am "admin'ing" is b.b.b.b, how can i find out if another computer is
> attempting to connect to the server (me) or the client.

www.zonelabs.com
ZoneAlarm is an excellent firewall that works both ways:
	* It will prompt you if any program on your machine tries to connect
to the Internet, and
	* It will block and keep a log of any attempts made on your computer
from the outside.

You can set up ZoneAlarm on b.b.b.b, and set it to allow a.a.a.a to access
the computer while blocking all other IP addresses. Then only you would be
able to get in, and it would keep a log of other, blocked, attempts. It even
allows a range of IPs, so if you have a dynamic IP you could set it to allow
a.a.a.[a-z].

And, of course, the basic version is free.

--
Scott Schrantz
work: www.rci-nv.com
play: www.computer-vet.com