[stomachmonkey]

A real firewall should start by denying anything that is not explicitely allowed.

1. Block everything then open only what you need and no more.

2. High then adjust to your needs.

3. You make requests of data from the net. If data tried to enter a port w/out being asked for it's unsolicited, could be benign bot traffic or could be something else.

4. Think of them as numbered doors, ftp traffic always enters through door 21, http requests through door/port 80. so if someone wants to try and break in the 1st thing they do is run a port scan, knock on the doors and listen for a hello.

You can change what ports traffic enters to make things more secure but it can also make life harder for you.

Say you are running an ftp server and you change the port from 21 to 211, since ftp applications expect to see21 by default you need to let everyone that has access rights to it change their default client settings for your site to 211.

Ping is what is sounds like, a "ping", data packet is sent from one computer to another. The receiving computer should respond to the ping. It's a first step in troubleshooting to determine if the computer on the other end is still there.

6. Why do you need to trace anything? Don't bother. Every computer on the net sees a ton of irrelelvent traffic.