Making Sense of Back Traces

GTG

My firewall is frequently alerting me to people scanning my computer which is probably being experienced by most people that spend alot of time online.

Most of the backtraces do not show any information for the source of the scanner so I presume they have some sort of cloaking software in place. I am ocassionally getting some info but do not know how to find or report the culprit/culprits. I have done a "who is" on the source and frequentily get NTLI Network Center, NTL Internet in Winchester and info like for example:

86.28.71.175 manc-ppph-08.dial.ntli.net

Any help and advice would be appreciated.

TIA

patwa_2

Hi. You are right when you say that most people online will get IP's trying to access their computer. These could be your own ISP for monitoring purposes, websites, software installed on your computer that accesses the web, even sometimes the connection made when chatting via Instant Messaging or Audio conferencing can show up on your firewall.

The groups of four numbers are the numerical addresses of the computers from which the access attempt is made, the rest, e.g the ntl bit is the domain name of the site/server linked to that address. For example, 139.133.43.1 corresponds to abdn.ac.uk.

Which firewall are you using? I don't mean to brush the issue aside, but honestly unless you're getting a frequent and non-stop access attempt, there is little to be worried about. Often users will set the logging option of the firewall to a level that makes it report everything, even if it's nothing to be concerned about, which in turn does exactly the opposite - that being to cause undue concern.

There are a number of utilities that can take the numerical address of the accessing computer and trace back the route - one of the ones that spring to mind is VisualRoute. It can show you where the attempt is coming from, and more importantly the ISP's which that person is connecting through. If you were finding a frequent and never-ending bombardment of your system, you could contact that ISP to take action.

I hope this is helpful, but once again re-iterate that 99% of the attempts are most likely harmless and part of 'regular' browsing activity.

Cheers.

Hussein.

albertross_2

If you are broadband, and get a router, then they will be blocked before they get to your PC and software firewall.

Even if someone is trying to hack you, there is little an ISP will do.

GTG

patwa, thanks for allaying my fears, now that you've explained I'm not getting that many attempts and they are probably as you say harmless and part and parcel of surfing the net.

I'm using Sygate's firewall which was free but have been taken over I believe so is no longer available for free. The controls are quite rudimentary (but effective) in that you can set them to prompt or always accept/block traffic for each application.

Thanks again.

Albertross, I'm on dial up but thanks for the info. anyway.

patwa_2

Hi, you're welcome. I used to use sygate too before I moved onto McAfee's all-in-one solution. As you said, pretty elementary but it did the job and did it well - I particularly liked the logging functions, but as said before I can't help thinking it can sometimes generate an unhealthy amount of paranoia.

Happy new year.

Hussein.

MadCowMan

I can't help thinking it can sometimes generate an unhealthy amount of paranoia.

Quoted for truth. Have you ever seen the Cisco advert for one of their security boxes, where there are the team of hackers trying their harded to break into a system. One of the sys admins turns to the other and asks whats happening. The other replies , 'Nothing'. For me , thats what a firewall should do. I dont want it to be constantly attempting to justify itself by telling me how well it is protecting me from the 'evil interweb'