One other question: I'm using Zonealarm now, do all requests from Bliz get marked as being from battle.net? I had one alert that didn't mention bnet anywhere and the IP was different from the bnet alerts. Was this my first recorded malicious event?

Thanks,
Jidath
Abram, Lvl 39 S/S WW Barb on Europe

when u reequip your items after retrive the corpse u equip from the top down, so the helm first then armor and so on. if u don't have enough str or dex for those items then it will skip to the next .

Baroness Azna-V Java Ranger Lv 71 Europe

"WWF is not World Wrestling Federation !"

As far as your firewall is concerned, you should only see communication on UDP port 53 (for DNS name resolution) and TCP ports 4000 and 6112 when you connect to bnet. The firewall FAQ tells you to also open UDP 4000 and 6112, but I haven't noticed that my firewall logs any communication on those ports.

If you "sanitize" your logs by ***.***.***.*** your IP address, I would be willing to look at them at give you some idea what was going on (cwnannwn@mediaone.net). I have noticed that, since the new sub7 trojan was released, I have been port scanned a lot more than normal and on ports that I didn't see before, particularly TCP 5500. My home systems get scanned anywhere from 3-5 times a days, with the occasional spike of 10-12. Typically the intruders are looking for sub7 or back orifice.

You may want to do an nslookup on the IP if you think you are being port scanned. A lot of @home systems are compromised and are used as launching points for port scanning. Typically, you can send a copy of your logs to abuse@ispname and they will deal with it. It's a serious issue and people need to be aware that the bad guys are out there. The most common response I get from people is, "why do I need to protect myself, there's nothing on my system that anyone would want." They don't realize that it's the whole system that they want - to use it's resources to continue to hack other systems, and to do it so that the attempts can be traced back to the compromised system, not the hacker. And, if the hacker does something particularly illegal, you will have a lot of explaining to do as the feds come through the door and confiscate all your equipment. Sure, later it will be clear that someone else was responsible, but only after a major hassle with the law.

Qailla