How do you know whether someone is attacking at random, or is specifically attacking you? Most firewalls will log all attacks. It's a good practice to check the logs to see whether one computer is giving you particular attention.
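
One way to run that check, as an added example that is not part of the original article: the script groups blocked connections by source address and lists the sources that return on several separate days. The log format, the addresses (documentation ranges) and the `min_days`/`min_hits` thresholds are assumptions made for illustration, not any particular firewall's output.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the line format is an assumption, not a real firewall's.
SAMPLE_LOG = """\
2024-03-01 02:14:07 BLOCK TCP 203.0.113.9:40112 -> 192.0.2.10:515
2024-03-01 09:30:41 BLOCK TCP 198.51.100.23:51500 -> 192.0.2.10:23
2024-03-02 02:15:55 BLOCK TCP 203.0.113.9:40388 -> 192.0.2.10:139
2024-03-03 02:13:20 BLOCK TCP 203.0.113.9:41007 -> 192.0.2.10:515
2024-03-03 17:02:11 BLOCK ICMP 198.51.100.77 -> 192.0.2.255
2024-03-04 02:16:02 BLOCK TCP 203.0.113.9:41950 -> 192.0.2.10:80
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) BLOCK (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def summarize(log_text):
    """Group blocked events by source: hit count, destination ports, days seen."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "days": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        s = stats[m["src"]]
        s["hits"] += 1
        s["days"].add(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").date())
        if m["dport"]:  # ICMP entries carry no port
            s["ports"].add(int(m["dport"]))
    return stats

def persistent_sources(log_text, min_days=3, min_hits=3):
    """Sources that come back on several separate days (assumed thresholds)."""
    return sorted(
        src for src, s in summarize(log_text).items()
        if len(s["days"]) >= min_days and s["hits"] >= min_hits
    )

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for src, s in ranked:
        print(f"{src:15} hits={s['hits']} days={len(s['days'])} ports={sorted(s['ports'])}")
    print("persistent:", persistent_sources(SAMPLE_LOG))
```

A source that appears once and never again looks like a random sweep; one that returns day after day, trying different ports on the same machine, is the "particular attention" worth a closer look.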

How to Look up Ports

Sometimes your firewall may give an alert but say that it is no big deal. For example, in Figure 4, someone apparently attempted to reach a printer on my computer. You can tell this by looking up Port 515 in Appendix I, which reveals that it is normally used for printers. Of course, it is always possible that this attacker could be looking for a Trojan back door to use to sneak into your computer. To see what Trojans might typically be installed on this port, see Appendix II.

Why even give an alert if this is a normal port and not a hacker back door? Your firewall will give an alert even in a normally low-risk situation because some attacks look like ordinary network activity. However, Figure 4 shows an alert on a computer that does not allow any other computer to use its printer. Yet some stranger from across the Internet is trying to use its printer. This is probably a crime attempt.

Some alerts are even harder to interpret. Figure 5 shows two that could be either OK or a snoopy hacker. These are both ICMP (Internet Control Message Protocol) alerts. On the left side is a "subnet broadcast address" alert. To the right is a more ordinary ICMP message. The subnet broadcast is suspicious. A subnet broadcast almost always comes from someone who is local to you on the same Internet provider. The objective of this broadcast is to find out who else is online at the same time. Was another user trying to find out who else was online? If so, this could be a prelude to attack.