Introduction
What Hackers Are Looking For On Your System
We've all seen the Hollywood stereotypes of the hacker: the high school teenager who almost starts World War III, the insane genius who aims to take over the world, and the sophisticated super-thief who, if he could just crack into a computer or two, could easily assume your entire identity and ruin your life.
The truth is that most hackers don't have the sophistication or the desire to do any of these things. They usually want to hijack your computer to get a cheap thrill playing pranks on people in chat rooms, or use it to anonymously send unwanted spam messages promoting their latest adult content site or easy money scam. They've downloaded a few specialized programs that make it easy to do this, and they probably don't know much more about using a computer than you do. But they're still breaking the law. Further, as the Internet is used more and more for business purposes, it is increasingly evident that professional hackers are being paid to engage in industrial espionage and sabotage. Whether hackers act for kicks or with malice, protecting your system from these activities is extremely important. In the following materials, we will explain further how these activities are undertaken, explain common 'Net' terminology, and help you to protect yourself.
Hackers are able to get into your system through the various means listed and defined below.
Trojan Horse Programs
A Trojan Horse is a program that is loaded onto your system, disguised as something else. Usually these programs are used either to annoy and scare you, to use your system as a searching device for other infected systems, or to relay unwanted spam messages. If your system were infected with a Trojan, you might see the CD-ROM drive open and close on its own, the system might reboot spontaneously, the screen might flip upside down, or strange messages might pop up on your screen. Although Trojan Horses are usually more annoying than malicious, they should be taken seriously because computer damage can occur.
Mail Relays
Mail relay occurs when your computer is used to receive and transmit e-mail without your knowledge. For instance, a mail server processes a mail message, and neither the sender nor the recipient is on the local network. This means that if your machine allows open relay, anyone who has access to the Internet can use your computer as an outgoing mail server.
There are two primary reasons that hackers would want to use mail relay:
Hackers finding a machine that allows open or third-party relay can use it to send as many junk e-mails (spam) to as many recipients as they like. These so-called "spammers" love to find open relay on a super-fast cable modem connection because it allows them to spew hundreds of times more junk e-mail than would be possible through a phone line connection.
Hackers and spammers also use open relay to hide their identity. If a spammer sends junk e-mail directly from his or her own account, network managers will be able to trace the e-mail back to the connection and stop the spammer. However, if the spammer hijacks your mail server, his or her identity can be hidden. Furthermore, when the spam is traced, it will be traced back to your own connection!
As you can see, allowing open relay is a serious issue and appropriate steps should be taken to ensure that your computer does not allow third-party relay. By allowing your computer to be a "middleman", you are actually contributing to spamming problems, as well as general clogging on the Internet.
More information about mail relay can be found at http://mail-abuse.org/tsi/ar-what.html.
Information about securing your machine can be found at http://mail-abuse.org/tsi/ar-fix.html.
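An added example (not part of the original page) of the check a mail server makes to avoid open relay, deciding on the connecting client's IP address because the claimed sender address can be forged. The domain example.net, the network 192.0.2.0/24 and the sample envelopes are constructed assumptions.

```python
import ipaddress

# Constructed site settings (assumptions for this example).
LOCAL_DOMAINS = {"example.net"}
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed SMTP envelopes: (client IP, MAIL FROM, RCPT TO).
SAMPLE_ENVELOPES = [
    ("192.0.2.10", "alice@example.net", "bob@example.org"),
    ("198.51.100.7", "carol@example.org", "alice@example.net"),
    ("203.0.113.5", "promo@example.com", "dave@example.org"),
    ("203.0.113.5", "alice@example.net", "dave@example.org"),  # forged sender
]


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def is_local_client(client_ip):
    """True when the connecting machine is on one of our own networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETWORKS)


def relay_decision(client_ip, mail_from, rcpt_to):
    """Classify one envelope as 'deliver', 'relay-ok' or 'reject'."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "deliver"      # inbound mail for a local mailbox
    if is_local_client(client_ip):
        return "relay-ok"     # outbound mail from our own network
    # Neither end is local: third-party relay. mail_from is ignored on
    # purpose, since the client can put any address there.
    return "reject"


def audit(envelopes):
    """Return the decision for each envelope, in order."""
    return [relay_decision(*e) for e in envelopes]


if __name__ == "__main__":
    for envelope, decision in zip(SAMPLE_ENVELOPES, audit(SAMPLE_ENVELOPES)):
        print(decision, envelope)
```

A server that answers "relay-ok" for the last two envelopes is an open relay in the sense described above.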
Vulnerable Server Programs
Generally, it's necessary for computer users to set up a server program in order to receive incoming requests. Some programs, such as MS Frontpage, install these servers as a convenience to their customers; however, in most cases, computer users needing this program will have to set it up deliberately. Running a server, for most customers, will not be an issue. Customers running UNIX or Windows NT are generally the customers who will be affected by this. Some customers who run MacOS or Windows 95/98 and have installed additional server programs would also fall into this category.
If you're running a server of any kind on your machine, you need to be sure that it's secure. Keep up to date with the manufacturer's patches and fixes to the program by visiting the web site often. Manufacturers will sometimes offer mailing lists for this sort of thing - check with them to be sure. Vulnerable server programs are the leading cause of compromised customer machines.
How to Protect Your Computer System
Having described the problem presented by hackers, we will now discuss how you can protect yourself from these illegal activities by securing your system. Securing your system against unauthorized use means being aware of exactly what software you are running on your system that allows incoming connections. This includes software that you use every day and software that you installed and forgot about. There could even be programs that have been installed on your system without your consent. For instance, a Trojan Horse program, also called a "Trojan", makes its way into your computer disguised as something friendly or useful. Once installed, the Trojan opens up your computer to unauthorized access.
When a computer is connected to the Internet, information is sent and received through thousands of openings in the system, called "ports".
Server systems listen for incoming requests on ports that have been standardized by the Internet Assigned Numbers Authority (IANA). Port numbers range from 0 to 65536, but most servers use the "privileged" ports under 1024. To see your system as a hacker might see it, you should scan your system for open ports. When you do this, you should be able to recognize and identify each open port. To check your open ports, you could download, install and run a port scanner. Many of these are available on the Internet as freeware, shareware and commercial software.
You may find it easier to use a web-based scanner. (Please note that these web-based scanners are good for finding misconfigured server software, but not Trojans.) Several web sites offering web-based scanners are available, including:
Shields Up - https://grc.com/x/ne.dll?bh0bkyd2
This site tests TCP ports: 21,23,25,79,80,110,139,143,161,443.
Portscan - http://www.cablemodemhelp.com/portscan.htm
WinNuke - http://www.jtan.com/resources/winnuke.html
Secure-Me.net - http://www.secure-me.net/
HackerWacker - http://hackerwhacker.com/startdemo.dyn
This site tests TCP ports: 21,23,80,110,113,135,139,1080,8080,4000,12345.
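As an added example (not from the original page), the following self-check tries the TCP ports from the two lists above on your own machine only, and pairs each open one with its registered service name so you can decide whether you recognize it. The function names are this example's own.

```python
import socket

LOOPBACK = "127.0.0.1"  # this self-check only ever probes the local machine

# TCP ports the web-based scanners listed on this page say they test.
PAGE_PORTS = sorted({21, 23, 25, 79, 80, 110, 139, 143, 161, 443,
                     113, 135, 1080, 8080, 4000, 12345})


def open_local_ports(ports=PAGE_PORTS, timeout=0.5):
    """Return the ports from `ports` that accept a TCP connection locally."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising
            if sock.connect_ex((LOOPBACK, port)) == 0:
                found.append(port)
    return found


def service_name(port):
    """Look up the registered service name, or 'unknown' if none is listed."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def report(ports=PAGE_PORTS):
    """Pair each open port with its service name so it can be identified."""
    return [(port, service_name(port)) for port in open_local_ports(ports)]


if __name__ == "__main__":
    for port, name in report():
        print(f"port {port} is open ({name}): do you recognize this server?")
```

A loopback check shows what is listening on the machine itself; a firewall or router can make the view from the Internet side differ, which is what the web-based scanners measure.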