Sunday, March 27, 2005

400,000 Internet intruders and still increasing...

Trying to recall the date when I started using ZoneAlarm (firewall-focused software), it was 6th March this year. Counting the number of days I have used the software, it's 21 days. What surprises me is that the figure of intrusions to my computer, from the world of the Internet, is 400,000 and is still growing. Imagine that figure visiting my site for the period of 21 days alone :).

Before ZoneAlarm, I used to be a user of McAfee Antivirus software. It has an add-on firewall service which can be installed (subscribed) separately. After the installation of the McAfee firewall, the figure of intrusions increased every day. On average, a thousand intrusions per day, and sometimes more...

At that moment, I was curious why the number of intrusions kept growing. It eats up a lot of memory, and as my computer is slow, I ended up removing the software. Then I wondered, could it be because the firewall is way too sensitive? So I tried another firewall software, ZoneAlarm. Well, the result is the same.

I went to this website, a subsidiary of McAfee, HackerWatch, and found out that the total number of intrusions reported by McAfee subscribers/users has already reached MILLIONS. Whoa, that's a large figure. Not only that, I also found out that the majority of the sources and targets of the intrusions are from/to North America.

Okay, let's put all that aside. Imagine if one day your ISP emails or phones you up, stating "You are suspected of attacking a network and your account is suspended". How's that? Or maybe you paid a large sum of money to have a DSL connection (to me it is), and you found out that your bandwidth is used by others... Or, worst case, your computer is controlled by someone you don't know.

I have this sentence in mind: prevention is better than cure. If your computer is connected to the Internet, it is advised to install a firewall as a barrier to prevent those intrusions. Below are some definitions of words that I think might be useful.

In buildings, a firewall is a barrier that prevents a fire from spreading. In computers, the concept is similar. There are a variety of "fires" out there on the Internet: hacker activity, viruses, worms, and so forth. A firewall is a system that stops these attempts to damage your computer.
Reference: ZoneAlarm

What is ICMP?
The ICMP protocol facilitates the use of important administrator utilities such as ping and traceroute, but it can also be manipulated by hackers to get a snapshot of your network. Learn what ICMP traffic to filter and what to allow.

Although most network administrators do a fairly good job of filtering TCP and UDP traffic, many forget to filter ICMP traffic. ICMP traffic is necessary for troubleshooting TCP/IP and for managing its flow and proper function. However, ICMP is also dangerous. Hackers can use it to map and attack networks, so it needs to be restricted.

Some ICMP message types are necessary for network administration. Unfortunately, hackers have found a way to turn a good network tool into an attack. The most common types of ICMP attacks are:

* ICMP packet magnification (or ICMP Smurf): An attacker sends forged ICMP echo packets to vulnerable networks' broadcast addresses. All the systems on those networks send ICMP echo replies to the victim, consuming the target system's available bandwidth and creating a denial of service (DoS) to legitimate traffic.
* Ping of death: An attacker sends an ICMP echo request packet that's larger than the maximum IP packet size. Since the received ICMP echo request packet is larger than the normal IP packet size, it's fragmented. The target can't reassemble the packets, so the OS crashes or reboots.
* ICMP flood attack: A broadcast storm of pings overwhelms the target system so it can't respond to legitimate traffic.
* ICMP nuke attack: Nukes send a packet of information that the target OS can't handle, which causes the system to crash.

Reference: TechRepublic
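
The first three patterns in the list above can be spotted from packet metadata alone. The following is an added example, not part of the original post or the TechRepublic text; the protected network range, the flood threshold and the record layout are assumptions, and the packet records are constructed.

```python
import ipaddress
from collections import defaultdict, deque

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network
MAX_IP_DATA = 65535 - 20   # maximum IP packet size minus a 20-byte header (no options)
FLOOD_LIMIT = 5            # assumed threshold: echo requests per target per second
ECHO_REQUEST = 8           # ICMP type 8

# Constructed records: (time_s, src, dst, icmp_type, frag_offset_in_8_byte_units, data_len)
SAMPLE = [
    (0.00, "198.51.100.7", "192.0.2.10", 8, 0, 64),       # ordinary ping
    (0.10, "203.0.113.5", "192.0.2.255", 8, 0, 64),       # echo sent to the broadcast address
    (0.20, "198.51.100.9", "192.0.2.20", 8, 8189, 1480),  # fragment that ends past 65535 bytes
] + [(1.0 + i * 0.05, "198.51.100.66", "192.0.2.30", 8, 0, 64) for i in range(8)]


def classify(packets, net=LOCAL_NET, flood_limit=FLOOD_LIMIT):
    """Return (time, label, src, dst) alerts for Smurf, ping of death and flood patterns."""
    alerts = []
    recent = defaultdict(deque)  # dst -> echo request timestamps within the last second
    flooding = set()             # targets already reported, so each burst alerts once
    for ts, src, dst, icmp_type, frag_off, data_len in packets:
        if icmp_type != ECHO_REQUEST:
            continue
        # Smurf: our network is being used as the amplifier; src is the forged victim.
        if ipaddress.ip_address(dst) == net.broadcast_address:
            alerts.append((ts, "smurf-amplifier", src, dst))
        # Ping of death: reassembled packet would exceed the maximum IP packet size.
        if frag_off * 8 + data_len > MAX_IP_DATA:
            alerts.append((ts, "ping-of-death", src, dst))
        # Flood: too many echo requests to one target inside a sliding 1 s window.
        window = recent[dst]
        window.append(ts)
        while window and ts - window[0] > 1.0:
            window.popleft()
        if len(window) > flood_limit:
            if dst not in flooding:
                flooding.add(dst)
                alerts.append((ts, "icmp-flood", src, dst))
        else:
            flooding.discard(dst)
    return alerts


if __name__ == "__main__":
    for alert in classify(SAMPLE):
        print(alert)
```

The same three conditions translate directly into firewall rules: drop echo requests addressed to the broadcast address, drop fragments whose offset plus length exceeds the maximum packet size, and rate-limit echo requests per target.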

