No Firewall? Read this!
David Dorn chronicles a salutary tale for
anyone who has not taken the precaution of installing a personal
firewall on their system.
As most regular readers will know, every Monday
night we host a chat session in the PPC chatroom. We natter about
PCs, solve readers’ problems on the spot, and generally enjoy an
hour of intelligent chat.
Last Monday, however, I spent more time dismissing
alerts from my Personal Firewall (I use Zone Alarm Pro version 3)
than I did typing into the chat room.
As I believe everyone should, I enable the visible
alerts whenever a new version of Zone Alarm goes onto my PC, just to
check that it’s doing its job, and also to see what kind of activity
is occurring. If Monday night is anything to go by, hacking activity
is at an all-time high!
Over the course of the hour-long chat, I had no fewer
than 80 intrusion attempts. Lots of these were from far-flung
countries like Korea and even one from Australia. How do I know?
Well, every time there’s an alert, the IP address of
the miscreant (if indeed it is a miscreant) is shown. It’s easy,
then, to drop that into a Whois checker (like Sam Spade) and sort
out exactly where that IP address is coming from. Indeed, Zone Alarm
also has a reverse lookup facility built in, which can do the same
thing – Sam Spade and similar programs just allow you to dig
further.
It made it very easy for me to produce a template
email, drop in the Zone Alarm report, and send to the abuse
reporting address for each ISP that was hosting the hack attempts.
For your information, that would normally be something like “abuse@isp.com”
and it’s well worth reporting such intrusion attempts to the ISP
hosting the session.
When you do, don’t forget to include the time and
the IP address in your email, as well as the port number the
intruder was trying to get at – Zone Alarm provides you with this –
so that they can check their logs and determine who, exactly, was
assigned that address at that time.
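As an added example (not part of the original article, and not Zone Alarm's own output), this script turns firewall alerts into the body of an abuse report listing the time, IP address and port for each source. The log layout, sample entries and function names are assumptions made for illustration; times are converted to UTC so the ISP can match them against its own logs.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample alerts in a hypothetical "time,source_ip,dest_port,protocol"
# layout (not Zone Alarm's own log format). Addresses are documentation ranges.
SAMPLE_LOG = """\
2002-06-10T20:14:05+01:00,203.0.113.7,139,TCP
2002-06-10T20:14:09+01:00,203.0.113.7,445,TCP
2002-06-10T20:31:40+01:00,198.51.100.23,1433,TCP
not,a,valid,line
2002-06-10T20:47:12+01:00,203.0.113.7,139,TCP
"""

def parse_alerts(text):
    """Group alerts by source IP, with every timestamp converted to UTC."""
    by_source = defaultdict(list)
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 4:
            continue
        stamp, source_ip, port, proto = fields
        try:
            when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
            port = int(port)
        except ValueError:
            continue  # skip malformed entries rather than report bad data
        by_source[source_ip].append((when, port, proto))
    return by_source

def build_report(source_ip, events):
    """Render the body of an abuse report for one source address."""
    lines = [
        f"Unsolicited connection attempts from {source_ip}, blocked by my firewall.",
        "All times are UTC.",
        "",
    ]
    for when, port, proto in sorted(events):
        lines.append(f"{when:%Y-%m-%d %H:%M:%S} UTC  {proto} port {port}")
    return "\n".join(lines)

if __name__ == "__main__":
    for ip, events in parse_alerts(SAMPLE_LOG).items():
        print(build_report(ip, events), end="\n\n")
```

Each report goes to the abuse address of the ISP that a Whois lookup shows for that source IP.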
One of the miscreants trying to gain access to my PC
was hosted by French ISP Wanadoo, to whom I despatched an email
with all the details.
As I understand it, they were able to track the
offending surfer almost immediately. I hope his account has been
pulled. In the UK, of course, miscreants can be taken to court – and
indeed, you have every right to ask for the name and address of such
persons so that you can inform the authorities and have them
prosecuted.
But the lesson for everybody out there is that these
nefarious little bathplugs (I can’t use the word I’d like to) are
scanning ports and trying to get into machines all the time, more
particularly at peak hours between 6pm and midnight Greenwich Mean
Time.
If you don't already have a personal firewall, you
are leaving yourself open to attack – and judging by the sheer
numbers I had on Monday, running a very high risk.
So here’s the advice.
Get a personal firewall,
install it, and use it every time you’re online. Don’t think
it won’t happen to you – it will, almost certainly.
David Dorn