Ever since I got DSL a couple of years ago, I've had a firewall installed on my PC. Didn't have to worry about such things in the dial-up era, of course but with a static IP address, the experts assure me that I'm more vulnerable to hackers trying to get into my computer.
And in perusing through the logs my firewall software maintains, I see that the experts are right- there are dozens of attempts a day to log/hack into my computer.
What the logs can't answer is why as in, why try to hack into my computer.
Of course, since until recently I used Win98, there wasn't really much hackers could do. There is no Unix-like log-in feature on Win98 so if you have file sharing turned off, about all they could do was ping my machine to see if it was on.
Of late, I've added a Mac and a couple of old Pentiums with Linux to the home network. The Mac is running OS9, so it's as difficult to get into as the Win98 box security through obsolescence, that's my motto. (And just let them try hacking into the Apple ][!)
The Linux boxes do have advanced login features, of course but they also have really secure firewalls, so I don't worry too much about them. (Which isn't to say I don't back up my files religiously just in case ...)
Still, it's mostly a Windows world we live in, and as I'm in the midst of upgrading to WindowsXP, this whole DSL/static I.P. situation is a bit worrisome. XP is the closest Windows has yet come to approximating a real operating system meaning that it includes various Internet tools like ftp host, telnet host, real Web server, all in true multi-user environment.
Further meaning that it's going to be a lot easier to get into than the obsolete but secure Win98.
But if we accept the fact that there will be hackers trying to get into my home computers, can we try to figure out who they are?
The firewall log contains a line of information for each "event" that shows the date and time of the attempted connection, as well as the IP address of the originating computer.
By going to the American Registry for Internet Numbers and entering an IP number in the Whois search box at the top of the home page, you can find out who that number is assigned to.
But and this is a big but in most cases, that won't tell you which individual actually has that IP address assigned to their computer. For instance, when I type in one of my own static IP numbers, the ARIN Whois returns the contact info for my Internet service provider the true holder of that number.
I could, I suppose, contact the ISP and report that their customers were trying to get into my computer but what good would that do? ISPs are in business to make money, and accusing their customers of hacking is likely to run counter to that larger goal of profitability.
I can and have tried logging back into these dozens of IP addresses in my firewall log. Of course, these folks who are snooping around trying to get into my computer have very tight security on their own PCs; I haven't gotten so much as a login prompt on a single one. It only stands to figure that a burglar will have the best locks at home.
As to what they're hoping to find on my PC, I can't even guess. If it's porn, they'll be sorely disappointed. MP3s? Sorry, most of my music is still on vinyl. For the most part, what I have on this system is working copies of my Web pages the same stuff you can find by going to my site.
It is, frankly, weird imagining folks sitting in front of their computer hour after hour, typing in IP addresses one after the other, trying to find an open system. The act itself is odd enough; the motivation is frankly beyond me.
But should one of these hackers ever actually get in, no doubt they'll erase the firewall log anyway meaning even then I won't get to ask them just what it is they're looking for.