From: InfoSec News (isnC4I.ORG)
Date: Mon Apr 23 2001 - 17:39:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.time.com/time/magazine/article/0,9171,1101010430-107238,00.html

BY ADAM COHEN
APRIL 30, 2001 VO. 157 NO. 17

A maniacal army from Alabama is attacking my home computer and trying
to seize control of it. I know that sounds a little paranoid, but it's
true. And your computer could be next. Let me explain.

Like most people, I've lived a dual life when it comes to Internet
security. At the office, I'm well protected by a corporate firewall.
That makes sense; lots of people would probably like to crack AOL Time
Warner's computer system. But at home, I have no protection at all.
C'mon, who wants to dig through the to-do lists and video poker games
on my Power Mac G3?

I decided to find out. So a few weeks ago, I installed Norton's
Personal Firewall. (Other leading brands include Network Ice's Black
Ice Defender and Zone Labs' ZoneAlarm 2.1.) The software promised to
block outsiders from getting into my computer and to keep a log of the
IP address or domain name of everybody who tried.

As home-hacking victims go, I fall in the middle of the spectrum. On
one hand, I recently installed a high-speed DSL service. These "always
on" connections are catnip to hackers because they are stationary
targets, vulnerable to attack 24 hours a day. On the other hand, I
have a Mac, and most mischiefmakers prefer Windows PCs.

Once the firewall was up, I promptly forgot about it. By the end of
the day, I hadn't got a single ping. So much for the great
home-hacking threat. But the next morning there was a pop-up on my
screen. A "remote procedure call" had come in overnight from an
anonymous computer with an 11-digit IP address. The firewall blocked
it. Since then, hardly a day has gone by without one and sometimes 10
or more attempts by outsiders to get into my hard drive.

The hits are a testament to the power of the Internet to bring us
closer together. Computers from as far away as Thailand and Japan have
found their way to my humble apartment in New York City. A Canadian
identified only as guelphppp217545.sympatico.ca must have wanted in
badly. He, she or it tried 15 times over the course of a few minutes.
Now, when I get home at the end of the day and check my e-mail, I also
look to see who's been knocking at my computer door. I'm on to you,
newteq.com.tw, telocity.com and pascal-jp.com.

But who are all these guys, and what do they want? It turns out that
the domain names and IP addresses that show up in the log may not
belong to the people doing the dirty work. Hackers often commandeer
other people's computers or ISPs to mask what they're up to.

As for what they want, a lot of the hits are harmless. Some may even
come from applications, like Napster, that I have authorized to run.
But at least some of them are probably hackers trying to rummage
through my files, hoping to lift my credit-card number or empty my
bank account.

And yes, one pop-up advised me that maniacalarmy.org was trying to get
into my computer. I checked out the domain name, and it belongs to a
computer company in Birmingham, Ala. The people who work for the
company may be perfectly innocent, although they have been dodging my
phone calls. Still, as long as maniacs of any kind can access my
computer through my phone line, I'll be keeping the firewall up.

But please send e-mail only to Adam's office: Cohentime.com

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]