genevieve-robert
Active Ports 1.4, ZoneLog

Active Ports Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen Shots
- Observations
- Lessons Learned

What Active Ports Does
- Monitor TCP/UDP activity
- Maps processes to specific ports
- Easy to kill processes

Where to get it
- http://www.ntutility.com/freeware.html
- http://www.download.com

Why use it
- Live analysis
- Monitor what systems access the Internet
- Detect Trojans and other malware

How To Use It
- Setup and Go

Observations
- Simple and easy to use
- Not very robust
- Little documentation
- Doesn’t always find the remote IP

Lessons Learned
- Simple tool for live analysis
- Must know what should be open
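
Added example (not part of the original slides, and not Active Ports code): the "must know what should be open" lesson as a baseline check, using the same port-to-process mapping that Windows `netstat -ano` prints. The sample output, PIDs, addresses and the EXPECTED_OPEN baseline are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the slides).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2216
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       904
  UDP    0.0.0.0:123            *:*                                    1048
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Hypothetical baseline: the (protocol, port) pairs this host is expected to have open.
EXPECTED_OPEN = {("TCP", 135), ("TCP", 445), ("UDP", 123)}

# The State column is optional because UDP rows leave it blank.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?\s+(\d+)\s*$")

def parse_netstat(text):
    """Yield one dict per socket row; header and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        # rpartition keeps bracketed IPv6 addresses such as [::]:135 intact.
        port = int(local.rpartition(":")[2])
        yield {"proto": proto, "local": local, "port": port,
               "remote": remote, "state": state, "pid": int(pid)}

def unexpected_open_ports(text, expected):
    """Return sorted (proto, port, pid) tuples for open ports missing from the baseline."""
    found = set()
    for row in parse_netstat(text):
        # TCP must be LISTENING; a bound UDP socket has no state and counts as open.
        is_open = row["state"] == "LISTENING" if row["proto"] == "TCP" else True
        if is_open and (row["proto"], row["port"]) not in expected:
            found.add((row["proto"], row["port"], row["pid"]))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid in unexpected_open_ports(SAMPLE_NETSTAT, EXPECTED_OPEN):
        print(f"unexpected {proto} port {port} owned by PID {pid}")
```

The PID in each finding is what ties the open port back to a process, which is the mapping the tool displays interactively.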

ZoneLog

ZoneLog Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen Shots
- Observations
- Lessons Learned

Where to get it
- http://zonelog.co.uk/

Why use it
- Zone Alarm does not have a good log viewer
- Get a lot more info than Zone Alarm offers

What it does
- Incident Response
- Helps interpret Zone Alarm log file
- Gives information on data being blocked

How to use it
- Download VB6 runtime files
- Download application
- Find ZAlog.txt
  - C:\WINDOWS\Internet Logs

Observations
- Not all data about attack is true
- Not all features are useful
- Activity graph
- Good documentation

Lessons Learned
- Lots of harmless traffic
- Big improvement over ZA log viewer