We just installed a Zone Alarm firewall on our computer and noticed that we get alerts every day that the firewall is stopping others from hacking into the computer. Zone Alarm gives the ISP # of the hacker. Can we decode this ISP # to see who is trying to hack us? If so, how? Why are we being hacked into? It's not like we are Fort Knox and someone would want to know when the next gold delivery goes out by stagecoach.
Yes, you can search the IP at the following address. It will show you what ISP the offender is using.

http://ws.arin.net/cgi-bin/whois.pl

For instance, this is what your IP traces to:

County of Orange (NETBLK-OC-GSA)
1400 South Grand Avenue
Santa Ana, CA 92705
US

Netname: OC-GSA
Netblock: 206.194.64.0 - 206.194.127.255

Coordinator:
Stawski, Steve (SS1692-ARIN) sstawski@ocgov.com
714-567-5001

Domain System inverse mapping provided by:
OCNET.CO.ORANGE.CA.US 206.194.127.1
OCNET.OCGOV.COM 206.194.127.121
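Added example, not part of the original reply: once a whois lookup returns a record like the one quoted above, the Netblock range can be turned into CIDR form and used to sort firewall alert sources by whether they fall inside that registered block. The Netname and Netblock values are copied from the reply; the alert addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Fields copied from the whois output quoted in the reply above.
WHOIS_TEXT = """County of Orange (NETBLK-OC-GSA)
Netname: OC-GSA
Netblock: 206.194.64.0 - 206.194.127.255
"""

# Constructed sample of firewall alert sources (not from the thread).
ALERT_SOURCES = ["206.194.100.7", "206.194.128.1", "192.0.2.44", "not-an-ip"]


def parse_netblock(whois_text):
    """Return (netname, first, last) from a whois record, or None if absent."""
    block = re.search(r"^\s*Netblock:\s*(\S+)\s*-\s*(\S+)", whois_text, re.M)
    if not block:
        return None
    name = re.search(r"^\s*Netname:\s*(\S+)", whois_text, re.M)
    first = ipaddress.ip_address(block.group(1))
    last = ipaddress.ip_address(block.group(2))
    if first.version != last.version or first > last:
        raise ValueError("malformed Netblock range")
    return (name.group(1) if name else "unknown", first, last)


def to_cidrs(first, last):
    """Express the registered range as CIDR blocks for firewall or log filters."""
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def group_alerts(sources, whois_text):
    """Sort alert sources into inside / outside the netblock, or invalid."""
    result = {"inside": [], "outside": [], "invalid": []}
    parsed = parse_netblock(whois_text)
    for raw in sources:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)
            continue
        same_family = parsed is not None and ip.version == parsed[1].version
        if same_family and parsed[1] <= ip <= parsed[2]:
            result["inside"].append(raw)
        else:
            result["outside"].append(raw)
    return result
```

Grouping alerts by registered block shows whether repeated alerts come from one network, which is the level at which a report to the network's listed coordinator is possible.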
Depending on how it is set up it might be giving false warnings. There is no doubt though that you are being scanned regularly. In some cases you could get the domain name of the attacker, or at least find out whose network he is coming from. Typically the attacks come from a computer that was already compromised though, so it won't point to the real culprit. It's virtually impossible to determine the actual person responsible anyway, unless you can force their ISP to release the information. That would require law enforcement folks to be involved. Do you have a cable or DSL connection? Do you have any space on your hard-drive? If you answered yes to both, then your PC would probably make a great place to store warez or pornography for other people to easily access. This allows the person who broke in to utilize your resources without tying up his own, and without being linked to the activity.
Hmmm, sounds like spyware. There's a great site on how to detect and remove spyware, if only I could remember where it is...
You can also use visual route servers to see who and where it is - http://www.visualroute.com The spyware can be removed unless it is with a program you are using, like "Gator" - then, if you remove the spyware, you cannot use the program. Just do a search for "remove spyware" on Google and there will be a bunch of sites with free software to find and remove spyware. Some of the traffic you see is from sites you use, or have used during a session to see if you are still there. Don't worry, with ZA running, no one can use your computer as a server without you seeing it. Whatever program it is will have to ask permission. Always say "no" if you are not sure what it is, and if it keeps you from doing something you want to do, you can change it to "yes" in the "programs" section. Some of the alerts are routine network controls. After a while you just stop paying attention to the alerts, because you know ZA is working. It is pretty interesting at first, though, because most people have no idea what is going on while they are online. A lot of us use ZA, so help is available if you need it.