iriegirl,

When you come somewhere to learn don't start off with such a chip on your shoulder claiming to be victimized. Try to keep a more open mind and you'll meet with much better attitudes.

Most cable systems have the ability to change your IP at any time. It isn't weekly or on some systems not even monthly but it does happen unless you pay for a static IP.

So, you could have picked up a "previously used" IP that was for someone else that was running Gnutella all the time. Remember these IPs are "recycled" because a cable company only gets so many.

Log your IP every day and let us know how often it changes, just for grins that is.

Does anyone know how a cable company can have 130,000 subscribers, each one with his own IP and some of them have TWO or more computers, each assigned their own IP? I have tested this and you can connect 4 computers and each one is assigned it's own "private" IP. I assume some companies will use special boxes to "share" a IP for one house, that will be interesting to see how Gnutella will be if everyone does that.

If you had a IP of say 211.245.XXX.XXX then you would get about 65536 max IPs, but how many cable companies can we support with this? If every cable company was on 211.XXX then we could only support 256 of them, and what about the rest of the net?

Exactly. YOU HAVE BROKEN THE CODE!!
What you have been told repeatedly is that it is absurd for you to worry about a harmless thing like ping (or a toot).

Wake up and smell the coffee.

With all due respect, I don't think that you would recognize "logic" if it bit you on the backside.....

Unless you are simply a troll looking for a fight, you will seek out someone you trust, who understands how the net (IP traffic) works and listen as they tell you the same things that you have (failed to learn?) learned here. You claim to want to learn. Only you can do that by dropping the attitude and listening with an open mind.................

cheers,
johnd

You're welcome iriegirl. The unregistered person said it well, about IP addresses being "recycled". This would more likely be your case if you have recently obtained Cable Modem access.

There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users.

A software based firewall is a good start, but I'd recommend adding a hardware firewall as well. Such firewalls are usually built into "routers" (see http://www.linksys.com, which provides these products and good information about it too). They're fairly inexpensive (around $50). In addition to that, your computer will have a different type of access to the Internet, rather than direct access to the Internet.

Even though you may not be using a home network, you can still use the router for just one PC. It'll give you some added security, and when you decide to do add an additional PC in your home, you can use both those PCs to access the Internet with a bit more ease.

Obviously, even hardware firewalls can be comprimised, but the thing is to make it "harder", not "easier" to get into your system.

i suspect that the person hammering you was using a gnutella servent called Qtrax2. this program is known to be an excessive hammerer and can send you packets many hours after you left Gnutella. although it gets no response, it still hammers you, it even hammers you if you are already uploading to it the file it is hammering for. it just hammers the whole time for no reason. if you were reusing the ip of someone else, it is possible that it tries to connect to you for over 24 hours. it is not in wide use though, as the gnutella community doesn't recommend it. it also has no forum here. decent gnutella clients (i mean every one i know) will mark your ip adress as unresponsive and not try to send you any more messages after a short timeout interval. raphael has even developed an anti-hammering feature which he built into gtk-gnutella, i think others will follow. so there is no need to have a beef with gnutella, it's a very nice network generally.

I can see what Iriegirl is saying. It is very annoying to have an alert window coming up every few seconds while you're trying to work. I can aslo imagine that getting 1000 interspersed hits would make reading your firewall logs (for whatever reason she is) confusing.

I can also see how having these hits from a filesharing network that you never joined is extra-puzzling.

Iriegirl: on Norton Firewall I can turn off the alert message, while continuing to log activity, if that's what you're talking about. Others have mentioned that you can probably also have the log filter out an IP (I'm not sure how to do that), if that's what you're talking about.

To all the blasters -- are you really saying that someone trying to access your computer every four minutes for 24 hours wouldn't cause you concern? Or that if you're working with your firewall logs these erroneous entries wouldn't annoy you?

On a tangent, I'm getting conflicting information here:

MrGone says: "And 'your firewall caught it so you're okay' is bullshit, you're okay anyway because you don't have a service listening for traffic on that port (even if you did, it'd most likely be a gnutella client which don't currently have holes to exploit). Noone can just aim a sharply pointed packet at your computer and "hack" it. You must be running some form of server (web, email, ftp, gnutella servent, etc) to receive and process the traffic coming in."

However, cultiv8r says: "There are some things to note about Cable Modem access though. Because your computer will be connected to the Internet 24/7 (or at least, it is supposed to be), you become a bit easier target to malicious users. A software based firewall is a good start, but I'd recommend adding a hardware firewall as well."


These are the two predominant views that I've heard regarding firewalls. My questions are:

• If I'm on a system NOT running any servers:

Which information is more accurate? What exactly is a hacker/cracker/kiddiescripter capable of (apart from the trojan issue)? Can anyone really harm me even if I don't have a firewall? Are firewalls then only a preventative measure in case one downloads a trojan? I have even heard that a firewall may cause increased risk, because IT is, in fact listening at the ports. Is that true?


• If I'm on a system that IS running some sort of server:

What is the risk? Will a firewall (hardware or software) help protect me? How is this possible if the port needs to remain open in order to serve?


• Third: Does any of this change if I'm connected to the internet via a wireless connection to a base-station that is hooked into a DSL router? Can some sneaky driver-by hack into my computer through my wireless connection?


• The last question is: Do the answers to these questions change if I'm on a macintosh (running either os 9, or os X)? I have heard that macintoshes are virtually invulnerable to hacking other than through a direct, hardware connection. However I've heard that there may be some security holes in os X.


Any security experts in the house, with a lot of time on their hands? If not, where can I post these questions?

Thanks a bunch,
Gratis

Well, not really conflicting I don't think. Being connected constantly makes you an easier target in that if there is a trojan or other security hole in your system there is more opportunity for someone to exploit it. That and persistant connections tend to hang onto an ip address longer so once someone has found you as having a hole it is easier for them to exploit it again later.

If you're not running any servers (or silly things like File and Print sharing, another potential hole) and you do not have a trojan on your system then there is nothing a cracker can really do to your system. There is always the possibility of a DoS (Denial of Service) attack, but those are most often accomplished by making too many connections (again requiring some sort of server) than there are with just bandwidth flooding (which a firewall couldn't stop anyway.)

And no, firewalls do not listen on the ports (excepting possibly for remote administration of the firewall.)

If you're running some kind of server your best bet is to keep it updated and apply any security patches that come out for it. A firewall (hard or soft) will give you information on traffic passing in and out of your computer (ip addresses, ports used, throughput, protocol (TCP, UDP, ICMP), etc) and will let you have control over this traffic.

For example, if someone was doing a port scan on your computer to see if there were any listening services (maybe one being exploitable) you could see this happening and block his IP address from anything you do actually have running (exploitable or not, this guy can kiss off.) Then you can do a whois lookup on the IP address and notify his ISP regarding the attempted abuse (you're probably not the only person he's tried this on) and enough complaints could get him shut down (probably temporarily, but that's better than nothing) potentially saving the *** of some poor schmuck who is running an unsecure system.

Wireless systems use encryption to protect the signal, make sure you're using this encryption if you're on a wireless network

Macs are "hackable"

There is a great forum for these kinds of questions at http://www.dslreports.com/forum/security,1

Thanks a lot for your thourough response. I think I understand the issue much better now.