Stopping hackers can be very difficult sometimes seeminglyimpossible. I believe however if you use the right types of
programs combined with self-education on how hackers think,
you can make your computer much safer.
Reporting hackers can sometimes be a little bit tricky. A lot of
users never report hack attempts. Simply because they just
don’t care or believe that the “hacker” knows he can’t get into
their system. There is also the reason that users just don’t know
what steps to take once they realize their system is being
attacked.
Once your system is connected to the Internet, some form of
system attack will eventually hit your computer. Most of the
times these attacks will be completely random. While not every
single attack ever made should be reported, repetitious attacks
should. Repeated attacks from the same person/IP address
should always be reported. This is a clear indication that
someone is trying to gain access to your computer.
If you are using Black Ice Defender and or Lockdown 2000, you
will be able to see the IP address of the person attempting to
break into your system.
What do you do now that you know that someone is attempting
to hack into your computer?
Before you can do anything you will require some utilities. I
recommend getting the following program.
• NetLab
Netlab has a variety of utilities combined into one easy to use
application.
You can obtain a copy of Netlab from:
http://www.filedudes.lvdi.net/win95/dns/netlab95.html
After obtaining a copy of NetLab and installing it you’ll be ready.
I find the best procedure for this is to begin by identifying how
many times this “individual” has attempted to hack into your
system and at what times.
(Consult your firewall program documentation for instructions on
where to locate the number of attacks originating from an IP
address.)
Once you have identified how many times the person has
attempted to gain access and at what time the most recent
attack was, it is a wise idea to check if they actually got through.
To check what is currently connected to your computer, do the
following:
• Write down the IP address you were given by Black Ice and
or Lockdown 2000
• Click Start
• Go to Run
• Type in Command and hit Enter
This will bring you to your DOS prompt again
Type the following at the DOS prompt.
• Netstat
This will give you a listing of all active connections to your
computer and it will look something like this.
Active Connections
Protocol Local Address Foreign Address State
TCP COMP: 0000 10.0.0.1 : 0000 ESTABLISHED
TCP COMP:2020 10.0.0.5 : 1010 ESTABLISHED
TCP COMP:9090 10.0.0.3 : 1918 ESTABLISHED
Your information will have different numbers. I used the IP
address 10.0.0.x for demonstration purposes only.
If your attacker is connected to your computer, you will see his IP
address in this listing. Compare this listing to the IP address you
have written down.
In the table above you will see numbers after a (:)
For example COMP: 2020
2020 represents the port number that the Foreign computer
is connected to on your computer.
Using our example let’s take a look at the second row. This
shows us that someone is connected to our computer on port
(2020) from the IP address 10.0.0.5.
Once you have assessed that the “hacker” was unsuccessful in
his attempts to hack into your computer, you can proceed to
gather information to report the attack.