what's happening is the page you are visiting has an ad for one of the firewall providers, and when the page calls the ad site it sends them your ip so it knows where to send the data for the ad. most ads work this way, even the ones not pushing security. your machine is not broadcasting its existence to every machine on the planet, just to the sites you visit and any ads etc. they serve from another machine, your ip tells them where to send the data.

now people can randomly scan ip numbers looking for machines, and it's particularly common on cable.
your machine will normally confirm its presence and that whatever port they pinged is available. a software firewall will block those attempts and keep your machine from answering random people, effectively it looks like there is no machine there when they probe you. this is very good because a response from an unprotected machine is fast, however if there is no answer they have to wait long enough to be sure the response isn't coming and it slows them down while they wait to see if anyone answers the door.

a software firewall is always a good thing. i've also got mine set up to block most of the "legitimate" ad servers and tracking servers. it's been my experience that the ad servers are grossly overloaded and the main slow down on many web pages. i'm on a 26k dialup connection and can tell the difference.

the grc.com site explains it pretty well and will test your firewall very nicely. i check mine occasionally just to double check it's working. it's free, they want to sell you their software so they provide the service and explanation of testing your vulnerability.

macs aren't completely immune, you should have file sharing off when you surf for instance. mostly macs are relatively safe because they are a small population segment, most of the machines out there are pcs running windows so that's what crackers (as opposed to legit hackers like myself who don't try to steal things but just to play with their machines and software) spend their time with, also windows is notoriously insecure. microsoft doesn't do security right, until very recently exploiter didn't even verify site certificates, it just blindly trusted every one which was a significant security problem, but in typical microsoft fashion they claimed it was obscure and eventually released a patch.

even on a mac, if your browser has a known weakness you can be attacked. netscape 3.something had a java script bug that would let people access your drives, a couple of days before it made the news and was fixed i was attacked just that way through my dialup connection. i was sending a lot of data (i like the lights on my modem!) while viewing a static page. i logged off and discovered they had also left me a cookie with the name of my boot drive just to make it easier for them next time they broke in!

a good firewall will at least log everything so you know after the fact and possibly know where the attack came from. in any case it's always nice to know when and if you've been cracked. the same goes for any other web capable app you may be running, i.e. fetch etc. and there's always the possibility that the web extensions themselves (i.e. tcp/ip etc.) have bugs. even the latest version of netbsd (which is very well screened for security holes) had some in the beta release. it's fixed now, but unlike microsoft that tries to hide their security faults netbsd.org immediately publishes that there is a problem and greets you with a warning when you browse their site about current or recently fixed security bugs.

does anyone have something good to say about any particular firewall? i've been meaning to get a better one as the one i'm using doesn't log things as thoroughly as i'd like (i.e. scan ports etc. should be logged, but the data packets should be logged as well).

even on my dialup line i've had several port scans and other intrusion attempts. on a cable modem most people get scanned 3 or 4 times a day. once the crackers find a susceptible machine they come back later to break in (i.e. they use programs to search for weak machines, log their ip # and then the cracker goes back later and tries to break in). this is another advantage of a dynamic ip, your machine won't be in the same place as when it was scanned.
you may now be at an ip# that was previously logged as susceptible, but now it's a different machine there and they have to reprobe it and hope it's another weak machine. other than getting a virus in, it's nearly impossible for someone to find your machine again with a dynamic ip, they have to scan the ip# range again looking for you. if you dial in from another town chances are you'll be reaching a different server that uses a different block of ip#'s so it can be rather hard for them to track you down again.

it's also nice to have a dynamic ip so that the advertisers can't monitor your browsing habits and know it's you again. they sell the statistics, the list of users and what they are interested in (a great help for spammers, or if they manage to get your mail address (from a site you gave it to that turns out to be untrustworthy) they can target you for conventional junk mail, because they know what you're interested in).

it also really helps to leave javascript off when you don't need it, both for security and speed. of course some sites just won't work without javascript, but i've also seen sites that won't work with netscape 4.75 with java on. i did try the v 7 beta, it lacks most of the important security options etc. under the preferences. aol apparently wants everyone to run any random javascript in email for instance, i never, never want java to run in my mail! java script in email is a fine way for someone to track you and try to get a virus in, possibly a very nosey virus, possibly one that's just malicious.

corporate espionage has always been big (bigger than any large company will admit, though they're usually in it as well as their competitors) which means there can be a financial reward to cracking into the right machine. a freelance cracker can offer to sell the data to a competitor, or try to blackmail you etc. some of the crackers are real pros that are in it for the $$, others are just "script kiddies" out to have fun by messing things up.
sorry if this is an overblown ramble, i am getting a migraine so please excuse any grammar and other errors. security and privacy are big deals, unfortunately most don't realize how important they are until they've been victimized.

------
> [EMAIL PROTECTED]
>
> Paul Shand wrote:
>
> > Hi On my internet travels I notice warnings that my computer is
> > broadcasting an IP Address and that my computer can be attacked (my S900).
> >
> > System 9.1.
--------

--
"For six years, John O'Neill was the FBI's leading expert on Al Qaeda. He warned of it's threat to the U.S. But to the people at FBI headquarters, O'Neill was too much of a maverick, and they stopped listening to him. He left the FBI in the summer of 2001 and took a new job as head of security at the World Trade Center." <http://www.pbs.org/wgbh/pages/frontline/shows/knew/>. Why did 911 happen? Politics, in the broad sense and at the FBI, that's what makes it a tragedy in the truest sense. O'Neil's body was found in the stairwell of what had been the south tower.

--
SuperMacs list info: <http://lowendmac.com/supermacs/list.shtml>
Archive: <http://www.mail-archive.com/supermacs%40mail.maclaunch.com/>
