Welcome to Cable-Lynx TechTalk Support Website
   


What are System Probes and how do I protect my computer?

With the increasing popularity of personal firewalls, more and more people are installing the software and seeing system probe alerts. Our Acceptable Use Policy Team receives a high volume of complaints on this issue, so we thought that we would provide you with some basic information that may be helpful in understanding what is occurring, and how you can proactively manage your personal computer's security.

Our extensive investigation into this issue has shown us that the vast majority of these system probes originate from computers that have been compromised by various means, usually Trojan viruses. We are taking steps to control hacking attempts by increasing the security awareness of our customers and through enforcement designed to detect and eliminate those hacking attempts that actually originate on our network.

I'm being hacked!!!

It can be worrisome when your firewall software reports a system probe, but there are several things to be aware of when your firewall sounds the alarm. They relate to how the Internet works, and are explained below.

How does all this work anyways?

What is actually happening when your firewall reports a system probe? Your computer has just received traffic over the Internet. What that traffic was actually trying to do is more difficult to determine. Your firewall tries to interpret the traffic according to how it is programmed. Since firewall programs are designed to report attacks, they will usually report any unexpected traffic as an attack, even if it is not. In fact, if firewall software is set to a 'high' security level, it may report normal traffic from servers that are a part of the network that you are connected to as an attack. Note that changing the 'security' level of firewall software does not really change the level of protection it affords; it changes the level at which it reports network traffic.

How does that traffic get to your computer? In order for computers to communicate over the Internet, they are assigned an IP address (IP stands for Internet Protocol). Every person's computer that is connected to the Internet, every website, every server, switch and router that is connected to the Internet in the world has to have a unique IP address. When you go to a website, you type the URL (Uniform Resource Locator) into your browser, say, www.excite.com, and a server in the network takes that URL, translates it into the corresponding IP address, and your computer connects to that website's IP address.

Say you go to check your email. Your computer sends traffic on the Internet to your mail server, and it responds back to you by sending you your email. How do your computer, and the servers you are accessing, know what the traffic you are sending is for? This is accomplished because the traffic not only has a source and a destination IP address, but a source and destination port also. Port numbers are assigned and registered to Internet functions and the software that uses them. In the above example, you go to check your email. Your computer sends traffic to the mail server, asking to check if you have any email. You are sending traffic to the mail server's IP address, with a destination port of 110. Port 110 is registered as the port that you (or anyone else on the Internet) use to check your email.

Simply put, a system probe is someone sending traffic directed to your computer's IP address, with a destination port.

Trojan Viruses

As stated before, other programs are registered to use different ports. This includes so-called Trojan viruses. Most viruses that you hear about are designed to disrupt your computer in some way, from interfering with your Operating System to destroying files on your hard drive. Trojan viruses, on the other hand, are designed to hide on your hard drive. They do not want to be discovered because, as opposed to harming your software, they allow other people access to your computer. Once your computer has been compromised with a Trojan virus, it can be "remote controlled" by other people on the Internet. Trojans also have to use a port number to work correctly. For example, the Sub Seven Trojan, which is in common usage at this time, runs on port 27374. So, in order, this is what happens when you get probed for a Trojan virus. We are still using the Sub Seven Trojan as our example:

  1. Another computer on the Internet sends traffic to your computer's IP address, directed at port 27374.
  2. Your computer receives the traffic.
  3. Your firewall software is programmed to understand that traffic to port 27374 is probably a probe to detect if the Sub Seven Trojan is present on your computer.
  4. The firewall blocks the traffic and reports to you that you were just probed for the Sub Seven Trojan.

There are two significant things that happened here. First, note that the firewall reported the traffic as being blocked. That means that the firewall did its job and did not allow the traffic through to your computer. Secondly, and this is not as well known, if your computer has not been compromised by that particular Trojan virus, that probe is harmless. It wouldn't have affected your computer if the firewall were there or not. If you are worried that your system was breached, you can be assured that, as long as your system has not been infected with that virus, and your firewall reported (blocked) the traffic, your computer is still secure.
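The reasoning above can be turned into a small triage script. This is an added example, not part of the original article or any firewall product: the log format, the sample lines and the names `triage` and `local_listener` are constructed for illustration, and "nothing on this machine accepts connections on the port" is used only as a rough stand-in for "not infected" (an anti-virus scan remains the real check).

```python
import re
import socket
from collections import defaultdict

# The only two ports the article names; anything else is "unexpected traffic".
KNOWN_PORTS = {27374: "Sub Seven Trojan probe", 110: "mail check"}

# Constructed log lines in a hypothetical format:
#   date time ACTION TCP src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2001-05-01 10:02:11 BLOCK TCP 198.51.100.23:4021 -> 192.0.2.10:27374
2001-05-01 10:02:12 BLOCK TCP 198.51.100.23:4022 -> 192.0.2.10:27374
2001-05-01 10:07:40 BLOCK TCP 203.0.113.77:1190 -> 192.0.2.10:27374
2001-05-01 10:09:03 BLOCK TCP 203.0.113.5:2210 -> 192.0.2.10:31999
this line is malformed and is skipped
"""
LINE_RE = re.compile(
    r"^\S+ \S+ (BLOCK|ALLOW) TCP ([\d.]+):\d+ -> [\d.]+:(\d+)$")


def local_listener(port, host="127.0.0.1", timeout=0.5):
    """True if some program on this machine accepts TCP connections on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def triage(log_text, is_listening=local_listener):
    """Group probe alerts by destination port and decide what each means."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": set(), "allowed": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a well-formed alert
        action, src, dport = m.groups()
        entry = by_port[int(dport)]
        entry["hits"] += 1
        entry["sources"].add(src)
        entry["allowed"] += action == "ALLOW"
    report = {}
    for port, e in sorted(by_port.items()):
        listening = is_listening(port)
        # Per the article: blocked traffic to a port nothing answers on is harmless.
        verdict = "investigate" if (listening or e["allowed"]) else "harmless"
        report[port] = {"label": KNOWN_PORTS.get(port, "unexpected traffic"),
                        "hits": e["hits"], "sources": len(e["sources"]),
                        "listening": listening, "verdict": verdict}
    return report


if __name__ == "__main__":
    for port, row in triage(SAMPLE_LOG).items():
        print(port, row)
```

A port that shows `listening: True` for a program you did not knowingly install is the case worth following up with an anti-virus scan; repeated blocked hits on a port nothing answers on are the background noise the article describes.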

What does this mean to me?

Now that we have defined how the Internet works, and what happens when your firewall reports a probe, you are probably interested in how this affects you and your personal computer. A typical Windows user needs three tools to secure their system against the majority of security problems you may encounter on the Internet: a properly-configured Operating System, a strong anti-virus program with frequently-updated virus definitions, and some knowledge and discretion.

1. A properly-configured Operating System - The easiest thing you can do to secure your computer from unauthorized access is make sure you are not opening any holes that are easily exploitable. The most common of these is File and Print Sharing. If you have File and Print Sharing turned on in your Network Control Panel, other computers on the Cable-Lynx Network in your area can see and access your hard drive and/or printer. If you want to share hard drives or printers in a home network, you should configure a different network protocol, such as NETBEUI, to do so.

The second Operating System-related issue is with Windows NT and 2000. If you are not running these operating systems, you may skip to the next item. These operating systems, if you do a default install, will open several services, such as FTP (File Transfer Protocol), Email, and HTTP. The running of such services can allow others access to your computer, as well as being a violation of the Cable-Lynx Acceptable Use Policy. You should re-configure NT or 2000 to not have any services running.

2. A strong anti-virus program - Most computers come with an anti-virus program these days. They are effective in protecting your computer from Trojan and other types of viruses, but only if the virus definitions are up to date. An anti-virus program has two components, the program itself, and the virus definitions. The virus definitions are what tell the program how to look for viruses. Since there are new viruses that come out on an almost-daily basis, if your definitions are not updated, eventually your anti-virus software will become useless. You can configure your anti-virus software to update the virus definitions as frequently as you wish (we recommend monthly, if not more frequently) and automatically. Check the help file or web site for your particular anti-virus program. It should be free to update your virus definitions as long as the program is current. If you are not running any anti-virus software at all, we highly recommend that you obtain and install some as soon as possible. There are too many such viruses out there to seriously consider being on the Internet without one for very long.

3. Knowledge - As the old saying goes, "Forewarned is forearmed." Now that you have some idea of what's actually occurring, and security issues as they relate to you, you can make some choices about how you want to protect your computer and what you should protect it from. The easiest way to protect yourself from Trojan viruses, however, is to use extreme caution in opening files that are sent to your computer, including attachments to email, or files sent through an instant messaging service, or IRC. Even if a file is being sent to you by someone that you know, they may themselves be infected with a virus and not know it.

Do I need a firewall?

As stated above, taking the precautions we outlined will secure your computer from most, if not all, of the security issues it may encounter while using the Internet. You may have noted that we did not recommend that you run any firewall software. Is a firewall really needed in the Internet environment? On first thought, it may appear so, but consider these points.

You may have heard that you need a firewall if you have an "always-on", broadband connection. Does having such a connection equal an enhanced risk to your computer? No, you do not have any significantly higher risk than a dial-up customer. As we stated before, if your computer is secured against Trojan viruses, a probe on a Trojan port cannot compromise your computer. The firewall is not affording you any protection to these types of probes because there is none needed. All it is doing is reporting to you that other computers on the Internet are sending traffic to your IP address. The only potentially-higher risk you have is that if you leave your computer connected to the Internet 24 hours a day, you will receive more scans simply because your computer is on the Internet longer than other people's computers would be. Again, however, if your computer is secured as we recommended, these probes cannot penetrate your computer. If you are concerned about this, you can simply disconnect the modem from your computer until you are ready to use it again, or turn your computer off.

You may have heard that you need a firewall because of the prevalence of Trojan viruses. While it is true that these Trojans are out there and they can be very malicious, a strong anti-virus program can actually detect and, if your hard drive has such a virus, remove the Trojan. A firewall can't do this. That is why we stress running anti-virus software; a firewall is your personal choice to run, but is not critical to a computer's security.

Are you running Linux?

Linux is a UNIX-based Operating System that is an alternative to the MS Windows family of Operating Systems. There are some very common exploits for Linux (WU-ftpd, SunRPC) that will allow others access to your Linux-based computer. If you are not familiar with Linux and do not know how to secure it from these and other security issues, we would recommend that you use an Operating System that you are more familiar with.


