Originally published January 27, 2003

Home computers vulnerable to hackers too

It's not enough that we must concern ourselves with viruses, spam and spyware; now we must worry about outsiders trying to break into our local networks. The business and corporate world has long been vigilant about guarding their networks against outside hackers, but since high-speed Internet access has become more mainstream, home users are now finding themselves vulnerable to these same intruders.

As long as you're connected to the Internet, anyone from anywhere in the world can scan your network connection looking for openings that would permit access to your computer. Hackers can access your personal data but most are more interested in stealthily commandeering your computer as a launching pad for their own nefarious activities, such as unleashing viruses or sending mass spam. These wicked deeds will be traced back to your computer, and you'll be labeled the culprit, unless it's proven you were being spoofed as an unwitting participant.

Anyone with an "always-on" Internet connection is susceptible to network attacks, but those with static IP addresses are particularly vulnerable. An IP address is your Internet identification. Depending on the type of account you establish with your ISP for DSL or cable access, you have either a static IP address, which is fixed and doesn't change, or you have a dynamic IP address, which can change.

Static IP addresses have advantages over the dynamic variety in that this system can function as a server for file transfer or Web pages, but the permanent Internet ID leaves it vulnerable to network attacks. Even dynamic IP addresses can't escape scanning programs that snoop through millions of IP addresses in just minutes. I know this firsthand, as I have been the victim of such overtures during the past six months.

My home computer has been the target of Sub Seven, NetSpy and Back Orifice and Ripper attacks and well as regular suspicious port scans. Someone out there has been cruising my system in hopes of finding an unlocked door.

Fortunately, my computer is protected by SonicWall, a physical firewall that alerts me by e-mail of any irregular activity. SonicWall maintains a detailed log, down to the split second, of all network activity. At the sign of any dubious activity, the firewall generates an e-mail advising of the potential offense and the source IP address. Armed with this information, I can track back and locate the ISP overseeing this address using a name server lookup utility such as the ARIN WHOIS database ww1.arin.net/whois/. Most ISPs have a strict policy against network abuse and will terminate offending accounts if such activity is documented. An e-mail address for abuse reporting is usually included as part of the database information.

I've had good luck with ISPs from Germany, Canada and the United States in following up on my abuse reports; however in most cases the actual user was an unsuspecting dupe whose own computer had been unknowingly hijacked. In one instance, a Seattle ISP actually terminated an account that persisted in illegal scans of my system.

Increasingly, whether your IP address is dynamic or static, it's a good idea to have some sort of firewall in place. There are many good physical firewall vendors in addition to SonicWall: D-Link, Multi-Tech, Belkin, 3-Com, Cicso, Westell and Efficient, to name a few. Some can be configured with anti-virus and anti-porn filters as well.

Single users may not want to add additional hardware, so choosing a virtual firewall, or software, makes sense. ZoneAlarm and BlackIce are two popular and affordable programs that retail for about $40. Demo videos are available at each Web site.

Cathi Schuler is an Assistant Professor for the School of Engineering and Computer Science at the University of the Pacific. She also owns a business software training company, CeePrompt!  cschuler@uop.edu or cschuler@ceeprompt.com or by mail c/o The Record, P.O. Box 900, Stockton, CA 95201. She is on the Internet at: http://www.ceeprompt.com. Click here for past archived columns.  

Google

Return to Article Index | Return to C:\> CeePrompt's Home Page  

@2002 The Stockton Record, Page Design and Layout by CeePrompt!