Number 237 - February 2003

Tips 'N Tricks
Compiled by Charlotte Semple, Dec 2002 LACS Journal
Annoying Crackers (Snoops)
   Sometimes it's worthwhile to track down miscreants who probe your computer from afar, but most of these "attacks" are benign. Running firewall software such as Network ICE's BlackICE Defender, ZoneAlarm, or Symantec's Norton Internet Security is almost always sufficient protection, although it's not as safe as disconnecting your computer from the Internet and switching off the power. If you want to ensure that crackers (Internet break-in artists) can't probe your PC's ports, you have to either physically disconnect the phone or network line running into the PC, or shut off the computer's power. (You also have to make sure that the computer's Wake-on-LAN BIOS setting, if any, is disabled.)

   There's nothing illegal about people scanning your computer's ports, and not every scan is evidence of a cracker at work. Many of the most common port scans are routine checks for server software that doesn't even exist on most Windows computers. For example, your ISP may routinely scan your system to make sure you're not running servers that are disallowed under the company's terms of service. Other scans may be completely innocent as well, like the cable-modem user next door trying to install remote-control software such as PCAnywhere, or a scan by another computer on your local network. It could even be coming from your own system. The domain names or IP addresses your firewall displays as the source of the remote scan may also be forged (or spoofed, in network parlance). Though you can report the probe to the administrator of the domain listed, it's very possible that the scan originated elsewhere. It could also be that the source address listed is genuine, but the machine doing the scanning has been taken over by a Trojan horse program implanted by a cracker.

   In most cases, your PC is just one of thousands of machines the person at the remote address (spoofed or not) is scanning using an automated tool. The scanner is rarely looking for a PC running Windows, because such systems aren't that interesting to crackers. They're more interested in exploiting buggy server software to download a vulnerable trove of passwords or steal credit card numbers.

   If you are the target of prolonged attacks against TCP or other services running on your computer, notify the administrator of the offending domain. You can read more about TCP port probes on Network ICE's Web site. You could also try sending a brief e-mail to abuse@domain or security@domain, where domain is the domain name used by the attacker. For example, if you get repeated TCP probes from a computer identified as , you might want to send out a quick heads-up to, . Even if the source address turns out to be spoofed, the administrator at crackerdomain.com will likely want to know that someone is using the domain without authorization.

Stop Applications From Automatically Dialing Your ISP
   The modem may, or may not, dial your Internet service provider, make a connection, and shove you online, even if you didn't want to be. This can be more than a nuisance; such behavior can be downright expensive if Windows dials up a pay-by-the-hour ISP while unattended, and then leaves the connection running for hours. To ensure that you don't have to pay for your PC's malfeasance, you'll need to hunt down all the applications capable of making an automatic connection and change their settings to disable that feature. The most common culprits are browsers and e-mail clients. Here's how to do this in the most popular programs:

   Internet Explorer 5.x: Choose Tools, Internet Options and click on the Connections tab. Click the radio button next to "Never dial a connection," then click OK.

   Internet Explorer 4.x: Select View, Internet Options, then click the Connections tab. Place a check in the box next to "Connect to the Internet using a local area network" and click OK.

   Netscape Navigator: Navigator itself doesn't include an automatic dial-up setting, but instead leans on the Internet settings in Windows. Click Start, Settings, Control Panel and open the Internet Options applet, then follow the "Internet Explorer 5.x" instructions, above.

   Outlook Express 5.x: Outlook Express uses some of the Internet Options settings from IE, so once you make changes in the browser's Internet Options dialog, OE won't dial on its own, either. If you want to prevent OE from making an automatic connection, but allow IE to do so, choose Tools, Options and click the General tab. In the Send/Receive Messages section, select "Do not connect" in the field that reads "If my computer is not connected at this time."

   Eudora E-Mail: Select Tools, Options, then scroll down the list in the left pane to Advanced Network, and click on it. Clear the box labeled "Connect using Dial-up networking" and click OK.

Instant Browser, or Having A Browser Ready At All Times Without Leaving One Running
   If you're like many people, you dial up your Internet Service Provider in the morning, launch your browser, and use it throughout the day. But the browser saps substantial system resources when it's open, even when you're not using it. Depleted resources can cause Windows 95/98/ME to slow down (or freeze). Fortunately, you can close that browser and free up those resources, and still have immediate access to the Web.

   Right-click in any clear space on the Windows taskbar, and select Toolbars, Address. When the Address bar appears in the taskbar, click the word "Address" and drag it to the desktop. You can resize the window to make it a more convenient size, and if you right-click anywhere in it and pick Always on Top it will float above all your other windows.

   To access the Web, just type a URL into this detached Address toolbar. (You probably won't have to enter the entire address, since this toolbar uses Internet Explorer's auto-complete feature.) When you're finished looking at the site, close the browser window and the Address toolbar remains, ready to accept a new site.