Why is my computer under assault?

I use Zone Labs’ ZoneAlarm firewall, and from time to time, I turn on the alert screen just to see what’s going on. I will usually get probed four or five times a day by unrecognized servers. This morning, I have been probed 17 times in the last hour, all by different servers, none of which I have visited recently, or in most cases, ever at all. What is going on?

Usually it’s spammers looking for open mail systems they can hijack…

I’m assuming you have some sort of constant internet connection, like a cable modem. Look at this from the hacker or script kiddie’s point of view. You want a machine that’s nearly always on, always available, and operated by an amateur. So, you scan the internet looking for cable modems. Cable modems generally appear in the IP blocks in the low 60’s. So, the hacker-wannabe runs a script that looks at every IP address in this range looking for a computer with a known exploit. It’s nothing personal, you’re just on the list. It’s like calling every number in the phone book to see who’s home. Don’t worry, though, most of these people wouldn’t know how to exploit a legitimate security hole if there was a FAQ in 2600. :)

I use BlackIce and I’ve only got a 56K connection (Starpower’s big cablemodem promises never panned out) and I get probed all the time. Like Evilhanz sez, it’s most likely someone looking for a computer to exploit.

slight hijack:

Is there a Mac equivalent to Shields Up! ( https://grc.com/x/ne.dll?bh0bkyd2 )? --i.e., a web site that will probe my home computer’s security holes. Shields Up! is just for Windows.

I ran that program & nobody tried to get in. Hey, you can visit the web through a free anon server, that way no one can track ya.

toadspittle, your Mac is pretty safe just as it is. Macs don’t have the sort of security holes that Windoze machines do. Macs don’t run the sort of services that are attractive to hackers, so there is no point in hacking them.

I find that ZoneAlarm tends to treat even harmless DNS queries as potentially hostile, and those go on constantly. ZoneAlarm is a fine product, but it was tuned by a company that has a vested interest in your fear. If you’re not scared, their products don’t sell, so they’ve provided you a little (mostly) harmless incentive to buy.

I used to use ZoneAlarm. The “harmless” DNS queries were not reported as “hostile”. They were reported “probably from a web site you recently visited that did not disconnect” [or words to that effect].

I switched to Earthlink DSL which for some reason is not compatible with ZoneAlarm. Earthlink provides a free copy of Norton Personal Firewall.

About 3-4 times a day it claims to block “Backdoor/SubSeven Trojan” [this is the only thing that seems hostile] and “Inbound IP fragments are being blocked” [which seems harmless].

ShieldsUp reports my computer is safe.

With either, just turn off the pop up notification screen and ignore them. They make your computer as safe as most people need. Don’t bother buying any upgrades that add more features; the programs work fine “as is”.


I would dispute your ideas that Macs don’t run services that would be useful to hackers. Don’t Macs allow you to set up a network with other Macs and share the information on the drives? The main reason that Macs don’t get a lot of attacks is that they are really just a small percentage of the computers out there. If you are trying to take over computers by just going through IP addresses most of the hits will be Windows computers so that is what people attack.

Not arguing your general premise that Macs are a low-percentage target, but, man! Have you ever tried building a large AppleTalk LAN? Talk about painful! I wouldn’t bother exploiting a Mac network even if I did manage to compromise one. Not that I do that sort of thing, but my job requires that I be familiar with the techniques employed.

What version of ZA were you running? How much did you customize it?