Help! Help! I'm being scanned!

OK, so I personally got as far as installing firewall software so I could spot unauthorized port accesses, both inbound and outbound.

Although the software can spot & block an unauthorized outbound access, it doesn’t eliminate whatever trojan is causing the attempt.

Anyone know of software that will do this?

I’m running BlackIce, too. Most of what I see on my own subnet is NetBios or PCAnywhere port access. These are typically not malicious; it just means somebody is attempting to use network software designed for LANs that automatically pings everybody on the subnet. I’ve given up on getting my ISP to tell people to stop doing that. I’ve suggested that they put a blurb concerning PCAnywhere and such programs in their FAQ, but they haven’t.

Before I got BlackIce I bound WINS client solely to the loopback adapter anyway, so they were going to get precious little joy out of that route.

I see a fair number of attempts on the RPC service. Fat lot of good that would do them on a Windows box.

BlackIce’s advice pages and knowledge base are pretty good.

It depends. If they’re sophisticated enough to have found an unguarded proxy to go through, it gets difficult. If the ISP they use is careless about logging, or uncooperative, it can be difficult also. If I see something that looks particularly egregious, I try to trace it. I reported some bozo who was trying every commonly used TCP port on my system to the originating ISP, and they sent back a response to make sure of times, IP address and so on, so that one may have accomplished something.

From what I’ve seen, a lot of the ones that really look like deliberate hack attempts come from some Asian pool that I assume is getting hijacked.

BTW, some of you guys are running cable modem. The BlackIce docs say that cable modem gets hit a lot more than DSL because the small range of IP addresses used by those services makes it attractive to scanners. If I screen out the subnet junk I mentioned at the start, I’m seeing an average of maybe a couple really suspicious looking things a week on DSL. Does cable modem really seem to get a higher volume?

True, but they have to scan you when you are connected, which may not be likely, and some of the sophisticated hackers may not bother scanning ranges they know belong to large dialup pools.

One way to REALLY reduce your risks - run on a Mac. It’s not that it’s impossible to hack into an Apple OS, it’s just that most of the commonly known exploits are for Windows or Linux based software. Most hackers just aren’t interested in breaking into Apple machines.

I don’t think Apple has the system management techniques Windows and Linux have. For example, when I had to do work on a Mac OS (at a job I held) I could not find a simple hard disk compression utility for all my poking and prodding. In Windows, you can right-click your C: folder and get a compression system just like that. You can run defragmentation utils almost as easily. Nothing as easily accessible in the Mac OS I used. I say this for two reasons: As a warning to the users here who might get an Apple for security reasons and expect advanced tools and as a possible reason nobody bothers cracking Apples.

I dunno, I just couldn’t resist that bad one-liner. :wink:

I went to that site to have my ports probed. On my iMac, nothing going - it wouldn’t let anyone probe, prod or scan. On my Win98 machine, different story.

I am on dial-up, and have always considered myself pretty immune from hackers. I guess I will have to re-think that!

When I was running BlackIce, I got probably 10 hits a day that could be attempts. With ZoneAlarm, my machine is pretty much invisible, so it’s not so many. I ran the ShieldsUP! test, and it couldn’t even find my machine.