Attempted Firewall Breaches - What Action?

Old 19th October 2003 | 04:10
  #1 (permalink)  
jafo33
Guest
 
Posts: n/a
Attempted Firewall Breaches - What Action?

Hi,

Does anyone have any advice or experience in dealing with attempted firewall breaches?

I have Norton Firewall and Systemworks installed. Every so often I receive a security alert advising that someone has tried to penetrate my PC using various Trojans, Subsevens or other arcane things.

Usually I ignore them. Occasionally I have tried emailing back after doing the trace, but never received a reply.

Any suggestions? Are these serious and is there some way of sending something back down the line to these hackers??

Thanks for any suggestions.
 
Old 19th October 2003 | 05:30
  #2 (permalink)  
The Oracle
 
Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
jafo33,

Most of the time your ports are just being probed for open shares. (Especially if you have Broadband. Most people do not probe Dialup accounts.)

When you have Viruses trying to get into your system, it is a person with an infected computer who does not even know his computer is doing this.

Then there are the hackers, actively trying to hack into your computer. If the hacker is any good, then he would have hacked another computer and from there launched his attack against yourself. So going back to the place the attack was launched from will only lead you to a poor unsuspecting person, that did not even know his computer had been hacked.

If you are worried about the attacks, I would switch from a software firewall to a hardware firewall. Remember that your software firewall that you installed is also available on the shelf at your local software store for hackers too. Since they have access to the program itself, they can get around it and break in, if they really want into your system. (Chances are, most hackers are not going to spend all that time and energy to get in your system, they are going to go after a large corporation's servers or government/military servers.)

Take Care,

Richard
Naples Air Center, Inc. is offline  
Old 19th October 2003 | 16:15
  #3 (permalink)  
Evo
20 Anniversary
 
Joined: Sep 2002
Posts: 1,650
Likes: 0
From: Chichester, UK
"Then there are the hackers, actively trying to hack into your computer. If the hacker is any good, then he would have hacked another computer and from there launched his attack against yourself. So going back to the place the attack was launched from will only lead you to a poor unsuspecting person, that did not even know his computer had been hacked."

An active hack attempt on a private user is extremely rare. Getting access to remote computers is useful for a number of reasons (for example as a proxy to hide behind, spam mailer, host to put something on or to enroll in a denial of service attack) but there are so many vulnerable computers (i.e. broadband but no firewall, unpatched Windows) online that can be trivially accessed that nobody would bother with you if you have the basic defences in place - unless they are after you and you alone, and for a private user this is very unlikely (unless you've made an enemy down the pub).

As Richard says, the firewall is just picking up sweeps over a wide range of IP addresses, one of which corresponds to your computer. These will either be active port scans (initiated by a l337 h@x0r script-kiddie with a copy of nmap), or most commonly a virus/worm scanning unknown to the owner of the computer. At first they're interesting, but there are so many that it's better to turn off the pop-up box and just ignore them. A precursor to a real attack is rather different, and any halfway-competent hacker can stealth it so that your firewall will probably miss it anyway.
Evo is offline  
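The distinction the posts above draw between background sweeps and attention aimed at one host can be checked against a firewall's own drop log. The following is an added example, not part of the thread: it assumes simplified iptables-style LOG lines (constructed here with documentation-range addresses), and the labels and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

def _line(src, dpt, proto="TCP"):
    # Constructed sample record in a simplified iptables LOG layout.
    return (f"Oct 19 04:10:00 fw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO={proto} SPT=40000 DPT={dpt} SYN")

SAMPLE = "\n".join(
    [_line("198.51.100.7", 27374)]                     # one probe, one port
    + [_line("198.51.100.9", 135)] * 2                 # worm-like repeat on one port
    + [_line("203.0.113.5", p) for p in (21, 22, 23, 25, 80, 139, 445)]
    + [_line("203.0.113.77", 3389)] * 25               # same port, many attempts
    + ["Oct 19 04:10:01 fw kernel: eth0: link up"]     # unrelated kernel message
)

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def parse(line):
    """Return the SRC/DST/PROTO/DPT fields of a drop record, or None."""
    fields = dict(FIELD.findall(line))
    return fields if {"SRC", "PROTO", "DPT"} <= fields.keys() else None

def classify(log_text, port_threshold=5, hit_threshold=20):
    """Label each source address seen in the drop log.

    sweep    - few ports, few packets: a scanner or worm passing over the address
    portscan - many distinct ports from one source: this host is being enumerated
    repeated - few ports but many packets: the same source keeps coming back
    """
    ports, hits = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        fields = parse(line)
        if fields is None:
            continue  # skip anything that is not a drop record
        ports[fields["SRC"]].add((fields["PROTO"], int(fields["DPT"])))
        hits[fields["SRC"]] += 1
    labels = {}
    for src, count in hits.items():
        if len(ports[src]) >= port_threshold:
            labels[src] = "portscan"
        elif count >= hit_threshold:
            labels[src] = "repeated"
        else:
            labels[src] = "sweep"
    return labels

if __name__ == "__main__":
    for src, label in sorted(classify(SAMPLE).items()):
        print(f"{src:15} {label}")
```

This only sorts what the firewall managed to log; as noted in the post above, a careful attacker may never appear in it.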
Old 20th October 2003 | 20:54
  #4 (permalink)  
20 Anniversary
 
Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
It's all been covered pretty well already, but in essence what you are seeing is the network equivalent of somebody walking down the street trying car doorhandles for one that's unlocked. If they find the car is locked, they move straight on to the next. Outrageous though this behaviour is, it's probably safe to just ignore it.

If somebody is "after" you in particular, or has just picked your system at random for a challenge, then either (1) all the bells and klaxons should go off on your firewall and you can choose to disconnect temporarily (or whatever); or (b) they are too good for your "firewall" in which case it's probably already too late.

Like Richard, I'm personally in favour of dedicated hardware firewalls, or at least running software firewalls on PCs that are specifically cut-down and hardened for that specific purpose.

A software firewall running on a general-purpose computer is about as secure as the weakest point in that general purpose computer's operating system... :-(

If you have a spare lowly-spec PC lying around you might want to have a play with Smoothwall or IPCop, for starters.
RomeoTangoFoxtrotMike is offline  
Old 20th October 2003 | 21:55
  #5 (permalink)  
 
Joined: Aug 2003
Posts: 230
Likes: 0
From: ubiquitous
Great!

Was just reading the thread and did not know about IPCop.
Now I know what to do with that old PIII 500 lying around.

I suppose this will free me from having to try and mingle with Iptables rules from a command line interface.

Thanks for the pointers

C
Eddie_Crane is offline  
Old 20th October 2003 | 22:01
  #6 (permalink)  
20 Anniversary
 
Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
"I suppose this will free me from having to try and mingle with Iptables"

Exactly.

I've only used smoothwall in anger, but it does seem well thought out and designed (provides a full set of Network Services in a box as well -- DHCP, caching DNS through to your ISP, proxy servers, IDS, etc.)

I have successfully run earlier release on a P90 with 16MB RAM...
RomeoTangoFoxtrotMike is offline  
Old 23rd October 2003 | 04:59
  #7 (permalink)  
 
Joined: Nov 2000
Posts: 3,443
Likes: 1
From: Cambridge, England, EU
To answer the original question:
"Does anyone have any advice ... in dealing with attempted firewall breaches?"

This is a FAQ, and the FGA is to turn off the logging in your firewall. That way you won't be told about the hacking attempts and so you won't be able to worry about them.
Gertrude the Wombat is offline  
