I have a sneaky suspiscion this is in the wrong forum but I am hoping as a newbie ppl will forgive me.

Recently I purchased an Software Firewall due to the fact my PC was having some problems I couldnt explain.

After installation I was quite happily surfing away when I decided to check the log/alert status of said firewall. Now I discovered about 20 attempts to hack my PC over a period of about 20 hours. Needless to say my PC has behaved perfectly since installing this (apart from the firewall itself crashing it -- sigh).

My question is .. has anyone had a similar experience .. ie buy/download a firewall of go ... FLIPPIN ECK HOW MANY !!!!!

(Also its selfish cos I would like to make myself more secure).

This is purely out of interest and I would like to start a discussion about it. (Please if you wish to maybe add a post/disussion point do not add specific experiences about your case as your gonna make it worse for yourself and encourage people to attack. I have learnt this the hard way)

Been running firewalls for a while now, and have sometimes been surprised at the number of port scans and attempts to connect to different ports, especially some of the more persistent ones that try several different times and on several different ports.

Some of these are also not exactly hack attempts either. Often a website you recently visited pings to see if you're still there. In particular sites where you have web based email like yahoo, or hotmail might not be sure you're logged off or not, and will ping to see.

------------------
If you had everything...Where would you put it?

Computer Information Links (http://www.geocities.com/paleopete/)

One of the best personel firewalls is Zone Alarm I highly recommend it.
Also what you may be seeing in your logs is someone running a script to scan large IP address blocks. They are not really targeting you.
Another thing to keep in mind is if your using a dialup and don't have Netbeui running. You have closed one of the biggest security holes in Microsoft. Alot of Microsofts network services use Netbuie to communicate (This isn't so true for Windows 2000) By not running netbeui you haven't closed the ports. But you won't have any services listening on them which is just as good. "Script Kiddies" will waste their time try to hack ports with nothing running on them http://www.PCGuide.com/ubb/smile.gif

As long as you don't have any networking services running. ( FTP,file sharing,server service(if using NT/200)ICQ,Netmeeting, and others) Script kiddies will not be able to access your system.

Scans are common, and made much worse by Cable Modem networks - you are basically sharing the wire with a lot of other users, and they can just be browsing the network and trigger your firewall by seeing you in a network browse list.

Microsoft services don't use NetBEUI, they use NetBIOS. NetBIOS is also used by many applications that are designed by 3rd parties and run on MSFT platforms. Win2k does NOT get rid of the NetBIOS dependency (too many other apps and small pieces of the OS still need it). Don't enable file/print sharing on a dial-up connection to the Internet, and you should be fine. If you have a cable modem, the firewall software should protect you (BlackIce lets you basically shield your system without turning off all services, ZoneAlarm, I think, can do the same thing).

Good luck!

You can do even more to protect your computer than just setting up a firewall. I run Zone Alarm and have my network properties set up to close all ports except internet and email.

Go to http://grc.com/default.htm and click on Shields Up.

It will show you how good your security is working and you can also learn how to configure the network properties of your operating system.

I have only gotten one or two suspicious attempts to access my computer in about 6 months or so, most of the alerts are of the type pete mentions.

I think that part of it is also that my ISP has configured my cable modem and connection with a hardware type firewall.

First Bootay you are right Windows does use Netbios not Netbeui. However in a dial-up connection there is NO OPTION FOR NETBIOS only NETBEUI.

Second I did not say that Win2000 gets rid of Netbios. JUST YOUR NEED FOR IT. Netbios is still used by default in a 2000 network.
With Windows 2000 you can use DNS and Active Directory to "list" Network Service. Giving you the option to remove Netbios from your network. Some people have choosen not to do so because they have legacy apps running on their network which need Netbios.


My intention was not to give a detailed talk on an operating system Recall may not even be using. But to inform him/her that "hits" on his Firewall's logs are nothing to be concerned about. I do not belive anyone would try to control a "home" computer by hacking it. Instead emailing a trojan would be a better way of taking control of a home system for DOS attacks.
( about the only reason IMHO for "hacking" a home computer)

Sorry folks for the rant. http://www.PCGuide.com/ubb/smile.gif

[This message has been edited by scada (edited 11-13-2000).]

It is also good to run a firewall program like Zone Alarm because it can detect spyware, that you may have on your computer, attempting to "call home". Zone Alarm will alert you whenever a program you have not authorized tries to access the Internet.


------------------
rdrummond@thesimpsons.com