[Dshield] Black Ice & Zone Alarm

David Kennedy CISSP david.kennedy at acm.org
Fri Jul 6 20:17:40 GMT 2001



At 04:41 AM 7/6/01 -0500, capricornman wrote: 
>>>>
New User here. 
  
I use Black Ice and Zone Alarm. Question is, how do you view the logs
in Black Ice? I've tried, but all I get is a bunch of stuff like
little squares. Thanks in advance for all responses.
 
<<<<

YMMV, but after installing Zone Alarm Pro, I found BlackICE Defender
became nothing but a resource consumer.  I ran both for about a week
and there were no new entries to the BID logs so I disabled it.

To examine the logs, they're in comma-delimited format.  The default
location is C:\Program Files\Network Ice\BlackICE\attack-list.csv

The "enc" files are another issue.  From the BID FAQ: 

Where can I find a utility that can open and decode the log*.enc or
evd*.enc files generated by BlackICE Defender?

The following web page lists several utilities that can read those
files:
http://www.robertgraham.com/pubs/sniffing-faq.html#software-windows



-- 
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.



