OT Computer question, maybe for Rich?

[dakotamouse]

When I went to a cable connection I decided to buy the McAffe firewall program to keep hackers out of my computer. I get an alert message whenever anyone tries to get in. Since I've gotten the program I've found that I get a minimum of 3 hits everytime I sit down at my computer.

What the heck do these people want with me?! How do they find me? Why me? How do they do this?

[TelegramSam]

It's the CRYSTAL PEOPLE!!!

RUN!!!!

[dakotamouse]

I think the Crystal peo---another hit--ple are less scary. Why won't these hackers leave me alone?

[Seth]

Are you sure it's people after you? Many computer programs nowadays will access online programs if you sign on, and vice versa. Firewalls go after those transactions too.

[dakotamouse]

The firewall keeps a record of who trys to get in and none of these addresses ring a bell with me.

[JSW]

I use Zone Alarm and it is constantly showing alerts.I have had two in the last five minutes.So far all the hits have been minor and ZA says they are not a problem. Here is some of the info that came with the last alert which may answer some of your questions.

One common reason for receiving this alert from ZoneAlarm is that someone on the Internet is scanning a block of IP addresses looking for computers with open file or printer shares. The fact that someone is running a scan does not mean that you currently have ports or shares open. Nor does it mean that there is any malicious software installed on your computer or that you are being attacked

I hope this helps,
John

[ndjr]

JSW has some good information in his post. I run a unix LAN, and being scanned is a fact of life on the internet these days. If you're running a good firewall -- for PCs, ZoneAlarm is also my choice -- and have your system patched up-to-date, then you have done much.

You can still get into trouble, however, if you have programs running that you don't in fact know are running. IIS, for instance, the Microsoft web server is famously vulnerable to worms like NIMDA and CodeRed if unpatched. It can be activated without the user's knowledge, and will remain active until it is manually disabled.

There is another possible reason for those firewall alerts. If you use a dial-up line, it may be that you picked up a particular interface at your ISP just after someone else logged off it. What you are seeing is traffic generated by the previous user's web surfing.

There is a whole discipline built around knowing what ports ( addresses ) on a computer are related to which backdoors, trojans, worms, etc., and in capturing the packets directed at those ports in order to determine the scanning tool that generated them.

[Graphics Guy]

If you are running ICQ and or Instant messenger, then they'll be construed as hits as well.

Dan

[dakotamouse]

It's nice to know that all these hits aren't as frightening as they appear. But I often wonder if these hacker types actually have a life? Do they ever back away from their computers? Do something different like, I don't know, um, pick a whistle? Or is making someones life hell their only way of getting their kicks?

[raindog1970]

I run an FTP server constantly on my PC to allow file sharing among my friends, and it's absolutely amazing how many unsuccessful log-in attempts by unfamiliar IP addresses show up in my server logs on some days.
I use NeoTrace to get an idea of where these unauthorized attempts are coming from, and it's rather unsettling sometimes to see how many of them originate from other countries where I have no acquaintances!
I chalk it up to hackers scanning IP blocks (as suggested in an earlier response).
So far nobody has gained unauthorized access that I'm aware of.
And wouldn't a hacker be ticked off to go through all the trouble of hacking me and getting into my FTP server only to find a collection of Celtic MP3s?
Serously, I keep NO sensitive information on my PC... especially since I'm now on a cable modem which is connected at all times, and my IP address never changes.
That just makes me too easy a target if any hacker ever decides to take on the challenge of getting into my PC.
Most so-called "hackers" are just kids running port scanners trying to find an easy target with anonymous access enabled.
I've never seen any signs of someone actually making an effort to hack a user account on my FTP server... they try to log-in anonymously, can't do it, and move on to another IP address.

[Wandering_Whistler]

DM
most "hackers" (in the bad sense of the term) are children...specifically boys between 12-16 years of age. They usually grow up (maybe when they get girlfriends? :roll: ) . Unfortunately, there's a never-ending stream of boys reaching that age to take their place..and some of them will. And, like the little brat in the movie theater with the laser pointer, it only takes a small number of <b>them</b> to tick off most of <b>us</b>

On 2002-03-03 20:14, dakotamouse wrote:
It's nice to know that all these hits aren't as frightening as they appear. But I often wonder if these hacker types actually have a life? Do they ever back away from their computers? Do something different like, I don't know, um, pick a whistle? Or is making someones life hell their only way of getting their kicks?

[garycrosby]

What a lot of people don't realize is that most serious hackers gain access to server and then use it to hack other computers. There are two reasons for this: (1) if done correctly the trail from a poorly hacked site will lead back to the computer originally hacked (and not to the hacker's own system) and (2) the hackers Internet connection is frequently low-bandwidth which isn't the most efficient way to perform certain types of hacks (DOS, etc.) Thus, gaining control of a powerful server with a high-bandwidth Internet connection provides the hacker with a serious strategic advantage.

The company I work for is located in a large research park in the Candian prairies - we have amassive amount of bandwidth available to use. We are constanly being port-scanned. In fact, we have one particular server (a Windows 2K box) that is scanned an average of 12,000 times per day!

[ndjr]

On 2002-03-03 21:27, raindog1970 wrote:

And wouldn't a hacker be ticked off to go through all the trouble of hacking me and getting into my FTP server only to find a collection of Celtic MP3s?

They're probably not after your Celtic music. What they want is a mis-configured FTP site that allows not only anonymous login, but anonymous uploads. Then they can pack it with their "warez," e.g. pirated music, software, DVDs, and the like, and tell their little chums where to go and find it all.

[Grannymouse]

I get a bunch of mail almost every time I log on and I just go thru and delete all the ones that I don't recognize. Other than it's a pain.....is there something else I should be doing??? Gm

[ndjr]

On 2002-03-05 00:59, Grannymouse wrote:

I get a bunch of mail almost every time I log on and I just go thru and delete all the ones that I don't recognize. Other than it's a pain.....is there something else I should be doing??? Gm

What you're getting is called "spam," Grannymouse, and it's really tough to avoid if one spends any time at all on the internet. Once you're getting it, stopping it is not trivial and the best medicine is preventative. When you register to use some site or other, always be sure to look for check-boxes that control whether they can peddle off your e-mail address to others or bother you with spam themselves. Sift through the lawyerese and make sure you don't give them permission to bother you. You have to look carefully for these sometimes; they'll usually be in a very small font in an out-of-the-way part of the page.

Stopping spam once you're getting it is hard because most of it is a one-off deal. You only get it from a specific source once, and then they never hit you again. For those who persist, there are programs that can be set to reject e-mail from specific sources and route it whither you will, but that doesn't help those whose e-mail is on a remote server -- such as Yahoo, Hotmail, or the like. Sometimes your e-mail provider will have anti-spam measures available to you, but that varies with the host. There are programs available, such as a plug-in I remember for Netscape, that can sort mail once it's downloaded to you; but I haven't used Netscape for years and am not current with these sorts of things.

Do a Google search on "spam" and you should find bags and bunches of anti-spam sites. They'll have pointers and remedies you can try.