
tech/PC security question - da momma needs advice

This topic is archived.
havocmom Donating Member (1000+ posts) Mon May-17-04 11:37 AM
Original message
tech/PC security question - da momma needs advice
Been using Mozilla browser mostly (husband likes his IE, just a creature of habit...) and have Norton security with all the updates current.

We haven't had a series of 'hack attacks' in a very long time, but hit constantly the past 3 days. Seems to be blocking the Trojan horse bit but I am wondering, why so many all the sudden? Haven't had any attempts in ages before this past weekend. Is someone looking for a way around the firewall or what? I am not tech astute.

My pet theory is kids getting out of school about now with too much time on their hands. We seem to have had a flurry of these last year in late May, early June. My tin foil theory is that I am on the list of possible dangerous subversives cuz I never found that bush to beat around when I write and I am an evilDUer.

The Norton program records the address of the attempts. What (if anything) can I do with that info?

Thanks for wisdom you can offer. Oh, it's a DSL connection.

Book Lover Donating Member (1000+ posts) Mon May-17-04 11:42 AM
Response to Original message
1. I strongly support
your kids theory. When/if the feds come after you, it probably won't show up in your logs. Besides, they can use keyboard capture tech to get all your keystrokes, or they can film your screen from the outside if you are using a CRT.

I recommend BlackIce for those who want the strongest security. Any other techs have a different fave?

LoneStarLiberal Donating Member (1000+ posts) Mon May-17-04 11:46 AM
Response to Reply #1
3. BlackIce, ZoneAlarm, Tiny Personal Firewall
Depending on your environment, BlackIce, ZoneAlarm or Tiny Personal Firewall are my favorites.

My all-time favorite is either Debian or Gentoo as an operating system!

Book Lover Donating Member (1000+ posts) Mon May-17-04 11:54 AM
Response to Reply #3
4. I use ZoneAlarm also, and like it

I have not yet heard of Tiny Personal Firewall, but will check it out, def... By the way, there is also an online virus checker at http://housecall.trendmicro.com/housecall/start_corp.asp that I like a lot...better than paying for Norton, I think.

LoneStarLiberal Donating Member (1000+ posts) Mon May-17-04 11:45 AM
Response to Original message
2. Visit ARIN
As the number of dedicated connections to the internet (i.e. cable and DSL) increases, and since many of those machines are Windows boxes, you have more machines being compromised because people aren't taking care of their patching and virus updating like they should.

If you want to report these machines to the relevant ISP, go to

<http://www.arin.net>

And type in the IP address (the number of that will look something like "123.456.789.123" in your firewall's log file) and click on "Search Whois."

This will return the ISP and the abuse and/or security email address for contact.

You will probably never hear from them. I do this as a security consultant for a large public university and we have a whole automated process for dealing with these things. The people who deal with these things are overworked and probably not too interested in their jobs. Or they are in India or Russia as much of this work is easily done remotely and is utterly thankless.

Anyway, that's about all you can legally do.
Printer Friendly | Permalink |  | Top
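
One way to work through the steps in reply #2, as an added example that is not part of the original post: tally the blocked sources in a firewall log, with the hours of day each one appeared (the time-of-day question raised in the thread), and pull the abuse mailbox out of a saved WHOIS reply. The log layout, addresses and WHOIS values are constructed for illustration, and the field names are assumed to follow ARIN-style output.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data. The log layout is an assumption (not Norton's real
# format); the WHOIS text uses ARIN-style field names with made-up values.
SAMPLE_LOG = """\
2004-05-15 03:12:44 BLOCKED TCP 198.51.100.23:4312 -> 192.0.2.10:445
2004-05-15 15:40:02 BLOCKED TCP 198.51.100.23:4377 -> 192.0.2.10:445
2004-05-16 22:05:19 BLOCKED TCP 203.0.113.77:1029 -> 192.0.2.10:135
2004-05-16 22:06:01 BLOCKED TCP 192.168.1.5:1030 -> 192.0.2.10:139
2004-05-17 09:30:00 BLOCKED TCP 123.456.789.123:1031 -> 192.0.2.10:445
"""
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
OrgName:        Example ISP (constructed)
OrgAbuseEmail:  abuse@isp.example
"""

LINE = re.compile(r"^\S+ (\d\d):\d\d:\d\d BLOCKED \S+ (\S+):\d+ -> ")
# Sources on your own LAN or loopback have no outside ISP to report to.
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def summarize(log):
    """Map each reportable source IP to (blocked count, hours of day seen)."""
    hits, hours = Counter(), {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not a real address: every octet must be 0-255
        if any(ip in net for net in LOCAL):
            continue
        hits[str(ip)] += 1
        hours.setdefault(str(ip), set()).add(int(m.group(1)))
    return {ip: (n, sorted(hours[ip])) for ip, n in hits.most_common()}

def abuse_contact(whois_text):
    """Extract the network range, owner and abuse mailbox from a WHOIS reply."""
    fields = {}
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in ("NetRange", "OrgName", "OrgAbuseEmail"):
            fields.setdefault(key.strip(), value.strip())
    return fields
```

`summarize(SAMPLE_LOG)` lists the busiest source first, and `abuse_contact(SAMPLE_WHOIS)` gives the mailbox to send the matching log lines to.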
 
havocmom Donating Member (1000+ posts) Mon May-17-04 11:54 AM
Response to Reply #2
5. My thanks to you both
I will attempt to alter hubby's habitual attachment to his current firewall system.

Odd, not a single attempted incursion since I first posted the question. Must be someone in the eastern US timezone and mommy just rang the lunch bell. LOL

havocmom Donating Member (1000+ posts) Mon May-17-04 12:19 PM
Response to Original message
6. Used the site you recommended to track the ISP
and called one of the guys. Very helpful and nice. Looked up the addy on his range and gave me contact info for the other range I am getting hit from. He said probably a worm (I still doubt that due to the times they stop... mmmm, lunch) and he will contact his customer that turned up on my hit log and suggest they clean up their machine pronto.

Hmmm, I suppose with this nasty worm, providers are gonna be more helpful at tracking these things down so they can get people to de-bug machines?

Woooo, Havocdad will think I am a goddess when I show him this site you guys recommended. Also, as he is considering a new PC and new security system for it, your recommendations will make me look like a raving PC geek to him. I may even get extra tummy rubs for this.

Thanks again, all you DU tech gods! Da momma will send cyber cookies (chocolate chip variety, not computer chip kind :P )

Az Donating Member (1000+ posts) Mon May-17-04 12:28 PM
Response to Original message
7. It's a cycle
A new hole in security is discovered in an MS OS. Microsoft generally will not patch a flaw as it decreases impetus to upgrade to the next rev. So grey hat hackers quickly start writing a virus that will scare the pants off admins thus forcing MS's hand.

So the cycle has become:

Security hole discovered.
MS reluctantly releases a patch with low advertising of the fact.
Grey hat hackers release a quick and dirty virus designed to attack MS in some way.
News hits the media of the latest virus sweeping the nation and patches get applied.
Black hat hackers get their bugs up and running. Much cleaner bugs and more difficult to detect. If your system is not patched by this time you could be in trouble.

There was a recent hole found in MS Windows. The Sasser virus was quickly created in response. Behind it came two other bugs. One called the Dabber is actually a parasite that hits the Sasser virus and replaces it with its own code.

The other new virus is much nastier and is definitely a black hat virus. Called the Gaobot this one contains multiple attack methods encompassing the exploits and weaknesses uncovered in the last year or so. If you are not up to date this thing will be all over your system. It even attacks via backdoors left open by other virie. Once infected it opens a back door on your system and waits for orders from its creator.

All these recent virie include a common methodology. Once they infect a system they begin sweeping other addresses on the net looking for systems to infect. Thus during high infection periods you will see multiple probes on your firewalls. It's the viruses searching for new systems to hit.

havocmom Donating Member (1000+ posts) Mon May-17-04 12:32 PM
Response to Reply #7
8. OK, while I admit there is a nasty worm out there
most of these high hit cycles coincide with school schedules... more hits in the afternoon about 3-4 and majorly more hits when school vacations start. Seems to be a tiny surge during Christmas break then a major increase every spring as schools let out for the summer.

Jeeze, kiddies, GO OUTSIDE AND GET SOME AIR once in awhile, you're too pale...

PCGuru Donating Member (4 posts) Mon May-17-04 12:46 PM
Response to Original message
9. Sounds like Norton's firewall is working...
NIS or Norton Personal Firewall will give you a nice "map" showing the location of the offending IP location. It also will give you a link to report the abuse. As others say, it may be a waste of time. In many cases, the "abuser" is another infected PC that the owner doesn't know or care is infected.

Practice "Safe Hex"... use a firewall (combination of hardware and software is best), use anti virus software, accept email attachments only from known users (it is good practice to use a prearranged "password" or at least send an alert message of a soon to arrive attachment). If you are going to be away from your PC for more than an hour, turn it off. The old sage of startup causing more harm to the PC than leaving it on is obsolete with modern hardware. As an aside, if you are going to be away on vacation, unplug the PC from the wall outlet and the Internet connection (phone line, cable, etc.) while you are away. Even the best surge arrestor can not protect you from a near or direct lightning strike.

The latest worms use weaknesses in Windows XP and 2000 to infect your PC. This class of vermin does NOT require you to open an email attachment and happens quietly in the background. As mentioned in another post, many people with permanent Internet connections leave their PCs on 24/7. This is an invitation for someone to hammer at your PC.

Always check Windows update weekly for patches and apply "Critical" and "Recommended" Patches. Only "Critical" patches are automatically downloaded by Windows Update Service IF you have it enabled. You can configure the Windows Update Web site to filter out updates of Windows add-ins you don't use.
