• Effective immediately we will be deleting, without notice, any negative threads or posts that deal with the use of encryption and streaming of scanner audio.

    We've noticed a huge increase in rants and negative posts that revolve around agencies going to encryption due to the broadcasting of scanner audio on the internet. It's now worn out and continues to be the same recycled rants. These rants hijack the threads and derail the conversation. They no longer have a place anywhere on this forum other than in the designated threads in the Rants forum in the Tavern.

    If you violate these guidelines your post will be deleted without notice and an infraction will be issued. We are not against discussion of this issue. You just need to do it in the right place. For example:

DeepSight Analyzer

Not open for further replies.


Jan 11, 2005

Here's an interesting site that you may or may not be aware of. You run a small program on your computer that will send your firewall logs to symantec. They in turn will send you an email listing the various attacks on your system. After, you have the ability to login to your account and then submit an email to their ISP informing that the user has been up to no good.

Here is a copy of the log that I just received this morning:

Event Activity Report 6/27/2006 2:06:41 AM - 6/28/2006 2:06:41 AM GMT

Time of last upload: Jun 28 2006 8:25AM
Number of new events since last report: 908
Total number of events reported: 1105
Number of new distinct attackers: 115

Top Event Activity Since Last Report Severity # Events Last Event Date
Generic Connection Denied Event Low 908 6/27/2006 11:00:00 PM
This event indicates that an incoming connection has been denied. The protocol variable may either be TCP, UDP, or ICMP.

Top Attackers # Events Top Attacking Countries # Events Top Targetted Ports # Events 263 74 66 35 32 22 18

Canada 289
Poland 264
United States 7
Korea, South 4

445 (microsoft-ds ) 449
39804 (unknown) 263
139 (netbios-ssn) 68
135 (loc-srv) 51
1433 (ms-sql-s ) 50
4899 (radmin) 9
21 (ftp ) 4

You are receiving this email since you are subscribed to the DeepSight Analyzer.
You can modify your options by going to the Account Configuration screen inside Analyzer.
Please send your comments/feedback on this service to analyzer@Symantec.com.

Copyright © 2005 Symantec. All rights reserved.
Designated trademarks and brands are the property of their respective owners.
Use of this Web site constitutes acceptance of the Symantec Terms of Use and Privacy Policy


Dec 27, 2005
Might be interesting but in my case I use a hardware router that blocks incoming attacks so there's little or nothing for ZoneAlarm to log.


Apr 14, 2006
Lafayette, Indiana
What most people don't realize is that port scanning isn't illegal. Most of the ports that it listed are used by legit programs; ie MSN Messenger, ms-sql, netbios, loc-srv...etc Basically I would take the info with a grain of salt. You have to know what you are looking for in order for it to be useful. If you go and report every ISP/user that listened to a port then it's useless. Still it's interesting to see programs like this come out.

BTW...you might want to check to be sure you don't have 'Remote Desktop' enabled.
Not open for further replies.