McAfee Personal Firewall (MPF) tips?
Message
General information
Forum: Internet
Category: Security
Title: McAfee Personal Firewall (MPF) tips?
Miscellaneous
Thread ID: 00922848
Message ID: 00922848
Views: 46
I finally dumped the free Zone Alarm (I use XP Pro), after some browser hijacks got through. I'm giving McAfee PF a trial, and it's been now a week of catching many blocked-intrusions, so I have a good idea what is coming in by percentage & frequency.

So far I like McAfee PF, the tools and interface are easier to use than several other PFs I've tried. MPF is catching/blocking all kinds of stuff, not surprisingly, and most of it appears to be only light-weight spyware. But I have some event categories below I'm looking for any info about. These are generally from sites where viewing WHOIS is of no help to me, and MPF thinks they should be blocked. I assume I should block them all unless I learn something is needed by a friendly site, but I'm looking for someone with more experience in the following. I've looked in web-glossaries to see what the terms mean, but it's mostly technical jargon that doesn't help much in the real world as to when and how they are used, when they might be valid, etc.

1) DCE Endpoint Resolutions: the one intrusion attempt that accounts for > 50% of all my blocks is at IP address 66..., and the URL in English ends in "cvx.algx.net" (after a variable address portion), and it's something about "Allegiance" (but their site is blocked to me). These are all called DCE Endpoint Resolutions, anyway. Anyone know more about these? Just simple common spyware to block? They keep trying me every few minutes, all week long, but blocking doesn't seem to cause me any trouble.

2) NETBIOS sessions, also fairly common intrusions. I think the rule here is always block, unless you know the source?

3) ICMP Pings. Quite a few of these too. This one I have no idea about for most pings - I trace them, but they're everywhere in the world. Except that my workplace firewall blocks almost all Pings now, as do other websites I've tried to ping. So I guess I will do the same, block all pings unless testing or such. But I'd appreciate any words of wisdom?

4) Network Blackjacks - I read what it says about "first available port, etc.," but not sure what this means to me personally. I get about 5-10 per day of these. Ideas?

There are others, but these comprise most intrusion blocks I'm trying to figure out how to handle best, and all fall in the category of "I don't think I know them." Any help on any of the 4 types?
The Anonymous Bureaucrat,
and frankly, quite content not to be
a member of either major US political party.