Q

Responding to hacks at home

I've just started using Norton SystemWorks 2002 Professional and have Norton Personal Firewall. Today I was hammered by someone who tried to install six different Trojans on my machine -- all within one hour. What is the law concerning this type of attack, and would law enforcement even try to stop this for a home PC owner? Our computer was a $2,400 investment as a learning tool for my family with two children and we cannot afford to lose it to some jerk!


I feel your pain. Anyone who starts running an intrusion-detection system or personal firewall or a system that logs unwanted access starts seeing things that make them splutter.

One thing I can tell you is that the systems hitting your machine are almost always not the person who owns the offending machine. The MO of crackers is that they hop from machine to machine and do their dirty work only after having laundered the connection from three to five hops. The person doing this is probably not the owner of the machine. If you want to improve the world, let the owner of that machine know they've been broken into.

I've seen obnoxious probes coming from the most amazing places: the name server of a large New York investment bank, a media company in Australia and even the mail server of a large security consulting firm. Here's what I do:

Realistically, if you track down everyone who probes you, then you've acquired a new hobby. You'll spend a lot of your spare time doing it.

Save your logs away. You'll want them.

Find out as much as you can about the offender. The easy cases are when some identifiable place is the launch target. If whitehouse.gov is launching Back Orifice against you, you know who to contact. Just send the logs to postmaster at that address, and attach a quick polite note. Something like, "Here are firewall logs of someone on your network probing my network. Please tell them to stop."

It becomes difficult if the attacks are coming in from a dial-up. In that case, look for the Web site of that provider and find out who to complain to. The mail accounts "postmaster" and "abuse" are always good ones. Lately, I've been getting probes from some nitwit on a dial-up in Denmark. I just let those drop.

A good resource if you are new at this is http://www.samspade.org. They have a Web page that does a lot of things that you want to learn how to do like:

  • DNS lookup
  • Whois
  • Traceroute
  • ARIN whois lookup (ARIN is the organization that hands out IP addresses for North America. There is also APNIC for Asia-Pacific and RIPE for Europe.)
...and more. Some people find this detective work fun. You might.

Alas, however, there is too much of this going on for law enforcement to do anything about it. What you can do is send a few mail messages if you can track the people down. Resist the urge to hack back. It's descending to their level, and it's a crime. People have been prosecuted for hack-backs.
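As an added example (not part of the original answer), the routine described above can be scripted: keep the logs, group them by offending address, and draft the polite note to the "abuse" and "postmaster" mailboxes. The log format, addresses and domain names below are constructed, and `network_domain` is assumed to come from your own whois or reverse-DNS lookup of the source address.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample log in a generic format (not any product's real format).
SAMPLE_LOG = """\
2002-02-11 19:02:14 BLOCK TCP 192.0.2.45:3127 -> 10.0.0.5:31337
2002-02-11 19:02:51 BLOCK TCP 192.0.2.45:3130 -> 10.0.0.5:12345
2002-02-11 19:10:03 BLOCK UDP 198.51.100.7:1040 -> 10.0.0.5:31337
2002-02-11 19:31:40 BLOCK TCP 192.0.2.45:3188 -> 10.0.0.5:27374
this line is damaged and should be skipped
"""

LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} BLOCK (?:TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \S+:\d+$"
)

def group_by_source(log_text):
    """Return {source_ip: [raw log lines]}, skipping lines that do not parse."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            hits[match.group("src")].append(line.strip())
    return dict(hits)

def draft_report(src_ip, lines, network_domain, sender, timezone):
    """Build (but do not send) a report with the untouched log lines attached."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = f"abuse@{network_domain}, postmaster@{network_domain}"
    msg["Subject"] = f"Firewall logs: probes from {src_ip} ({len(lines)} blocked)"
    msg.set_content(
        "Here are firewall logs of someone on your network probing my network.\n"
        "Please tell them to stop. The machine may have been broken into\n"
        "without its owner knowing.\n\n"
        f"Timestamps are in {timezone}.\n\n" + "\n".join(lines) + "\n"
    )
    return msg

if __name__ == "__main__":
    grouped = group_by_source(SAMPLE_LOG)
    busiest = max(grouped, key=lambda ip: len(grouped[ip]))
    print(draft_report(busiest, grouped[busiest], "example.net",
                       "owner@example.org", "UTC"))
```

Stating the time zone and sending the raw lines unedited lets the receiving administrator match the entries against their own records.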




This was first published in February 2002.
