Prevent your computer from being hacked

[Prokomenos]

Sometimes it's worthwhile to track down miscreants who probe your computer from afar, but most of these "attacks" are benign. Running firewall software such as Network ICE's BlackICE Defender, ZoneAlarm, or Symantec's Norton Internet Security is almost always sufficient protection--although it's not as safe as disconnecting your computer from the Internet and switching off the power.
I'm not joking. If you want to ensure that crackers--Internet break-in artists--can't probe your PC's ports, you have to either physically disconnect the phone or network line running into the PC, or shut off the computer's power. (You also have to make sure that the computer's Wake-on-LAN BIOS setting, if any, is disabled.)
There's nothing illegal about people scanning your computer's ports, and not every scan is evidence of a cracker at work. Many of the most common port scans are routine checks for server software that doesn't even exist on most Windows computers. For example, your ISP may routinely scan your system to make sure you're not running servers that are disallowed under the company's terms of service.

Other scans may be completely innocent as well, like the cable-modem user next door trying to install remote-control software such as PCAnywhere, or a scan by another computer on your local network. It could even be coming from your own system. This figure shows BlackICE's list of port scan source addresses.

The domain names or IP addresses your firewall displays as the source of the remote scan may also be forged (or spoofed, in network parlance). Though you can report the probe to the administrator of the domain listed, it's very possible that the scan originated elsewhere. It could also be that the source address listed is genuine, but the machine doing the scanning has been taken over by a Trojan horse program implanted by a cracker.

In most cases, your PC is just one of thousands of machines the person at the remote address (spoofed or not) is scanning using an automated tool. The scanner is rarely looking for a PC running Windows, because such systems aren't that interesting to crackers. They're more interested in exploiting buggy server software to download a vulnerable trove of passwords or steal credit card numbers.
If you run Windows versions of server software for the FTP, POP3 (the most common e-mail server), IMAP4 (another e-mail server type), NNTP (network news transport protocol), RPC (remote procedure call), or other protocols, you have to guard against hack attacks. Turn off your computer and read Administering Web Servers, Security & Maintenance by Eric Larson and Brian Stephens (Prentice Hall PTR, 2000, $42), which is one of several good books on Internet server security. In fact, you can get a lot out of the book even if you don't run those server types.
If you are the target of prolonged attacks against TCP or other services running on your computer, notify the administrator of the offending domain. You can read more about TCP port probes on
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.
. You could also try sending a brief e-mail to abuse@ domain or security@ domain, where domain is the domain name used by the attacker. For example, if you get repeated TCP probes from a computer identified as crackerbox.crackerdomain.com, you might want to send out a quick heads-up to
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.
. Even if the source address turns out to be spoofed, the administrator at crackerdomain.com will likely want to know that someone is using the domain without authorization.