
Responding to hacks at home

I've just started using Norton SystemWorks 2002 Professional and have Norton Personal Firewall. Today I was hammered by someone who tried to install six different Trojans on my machine -- all within one hour. What is the law concerning this type of attack, and would law enforcement even try to stop this for a home PC owner? Our computer was a $2,400 investment as a learning tool for my family with two children and we cannot afford to lose it to some jerk!

I feel your pain. Anyone who starts running an intrusion-detection system or personal firewall or a system that logs unwanted access starts seeing things that make them splutter.

One thing I can tell you is that the systems hitting your machine are almost always not the person who owns the offending machine. The MO of crackers is that they hop from machine to machine and do their dirty work only after having laundered the connection from three to five hops. The person doing this is probably not the owner of the machine. If you want to improve the world, let the owner of that machine know they've been broken into.

I've seen obnoxious probes coming from the most amazing places: the name server of a large New York investment bank, a media company in Australia and even the mail server of a large security consulting firm. Here's what I do:

Realistically, if you track down everyone who probes you, then you've acquired a new hobby. You'll spend a lot of your spare time doing it.

Save your logs away. You'll want them.

Find out as much as you can about the offender. The easy cases are when some identifiable place is the launch target. If whitehouse.gov is launching Back Orifice against you, you know who to contact. Just send the logs to postmaster at that address, and attach a quick polite note. Something like, "Here are firewall logs of someone on your network probing my network. Please tell them to stop."

It becomes difficult if the attacks are coming in from a dial-up. In which case, look for the Web site of that provider and find who to complain to. The mail accounts "postmaster" and "abuse" are always good ones. Lately, I've been getting probes from some nitwit on a dial-up in Denmark. I just let those drop.

A good resource if you are new at this is http://www.samspade.org. They have a Web page that does a lot of the things you want to learn how to do, like:

  • DNS lookup
  • Whois
  • Traceroute
  • ARIN whois lookup (ARIN is the organization that hands out IP addresses for North America. There is also APNIC for Asia-Pacific and RIPE for Europe.)

...and more. Some people find this detective work fun. You might.
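To make the "save your logs, find out who the offender is, mail postmaster or abuse" steps concrete, here is an added Python example that is not part of the original answer: it totals blocked attempts per source IP from constructed firewall log lines, pulls the abuse contact out of constructed whois text in the RIPE and ARIN styles, and skips one-off sources so the detective work does not turn into a full-time hobby. The log layout, the sample addresses and the whois excerpts are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample log (not from the page); a generic "timestamp BLOCK src -> dst:port proto" layout.
SAMPLE_LOG = """\
2002-02-10 21:03:11 BLOCK 203.0.113.45 -> 192.168.1.2:31337 TCP
2002-02-10 21:03:19 BLOCK 203.0.113.45 -> 192.168.1.2:12345 TCP
2002-02-10 21:04:02 BLOCK 198.51.100.7 -> 192.168.1.2:80 TCP
2002-02-10 21:05:40 BLOCK 203.0.113.45 -> 192.168.1.2:27374 TCP
"""
# Constructed whois excerpts: RIPE/APNIC records use "abuse-mailbox:", ARIN uses "OrgAbuseEmail:".
SAMPLE_WHOIS = {
    "203.0.113.45": "inetnum: 203.0.113.0 - 203.0.113.255\nabuse-mailbox: abuse@example.net\n",
    "198.51.100.7": "NetRange: 198.51.100.0 - 198.51.100.255\nOrgAbuseEmail: abuse@isp.example\n",
}
LOG_RE = re.compile(r"^\S+ \S+ BLOCK (\d+\.\d+\.\d+\.\d+) -> \S+:(\d+) \w+$")
ABUSE_RE = re.compile(r"^(?:abuse-mailbox|OrgAbuseEmail):\s*(\S+)", re.M)

def probes_by_source(log_text):
    """Count blocked attempts per source IP and record the ports each one hit."""
    counts, ports = Counter(), {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a BLOCK record; ignore
        src, port = m.group(1), int(m.group(2))
        counts[src] += 1
        ports.setdefault(src, set()).add(port)
    return counts, ports

def abuse_contact(whois_text):
    """Return the registry's abuse address, or None if the record lists none."""
    m = ABUSE_RE.search(whois_text)
    return m.group(1) if m else None

def complaint_reports(log_text, whois_lookup, min_attempts=2):
    """One report per source worth the effort: whom to mail and the log lines to attach.
    whois_lookup maps an IP to whois text; in real use, wrap the `whois` command."""
    counts, ports = probes_by_source(log_text)
    reports = []
    for src, n in counts.most_common():
        if n < min_attempts:
            continue  # a single stray packet is noise, not worth a complaint
        contact = abuse_contact(whois_lookup(src)) or "postmaster@<provider domain>"
        reports.append({"source": src, "attempts": n, "ports": sorted(ports[src]),
                        "contact": contact,
                        "evidence": [l for l in log_text.splitlines() if f" {src} -> " in l]})
    return reports
```

The "evidence" list is exactly what goes into the polite note to postmaster or abuse; when the registry record carries no abuse field, the placeholder reminds you to find the provider's contact on their Web site instead.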

Alas, however, there is too much of this going on for law enforcement to do anything about it. What you can do is send a few mail messages if you can track the people down. Resist the urge to hack back. It's descending to their level, and it's a crime. People have been prosecuted for hack-backs.


This was last published in February 2002.
