Jun 13, 2012

How can i check intrusion into my system using firewalls?

I was recently shocked to find that I had downloaded a huge heap of data on a single day as reported by my college authorities. I checked my update history, checked my system updates , but still I could only found was just MB size. So how did i downloaded  GB sizes from net???

The very next day, I found one of my other classmate too reporting to have downloaded huge sized data from same wifi. Now I began to think of some intruder being outplaying us.

This made me look into the deeper side of intrusion. I heard from many that there is been a concept called Nmapping, where  your ports and even MAC can be spoofed by others. This was a shocking fact for me. It was then very easy for me to think how would have an intruder peeped into my system.But the most fascinating thing I interested  to know was 'how would have INTRUDER done so??? '.

First thing I did was to install a firewall to observe the activities within my system.I downloaded  and set a firewall. As soon as I activated the security, things were coming in my way. I found there had been a software called Port Locker, which was installed in my laptop recently, and it have been blocked my firewall.  Further I detected some 179 intrusions in next one hour !!

The intrusion attempt went to almost 600 around next 3 hours. Then I observed the details of target of intrusion.I found all these were targeted to some folder called port Locker.I was little bit concerned about the issue and approached college authorities.They thoroughly checked system and found that there had been a malicious software called as 'hotspot', which in turns sucks the entire band width of wifi and can be manipulated very easily.So GB size can never be an issue.

Looking into wikipedia, i understood of what hotspot is  "A 'poisoned/rogue hotspot' refers to a free public hotspot set up by identity thieves or other malicious individuals for the purpose of "sniffing" the data sent by the user. Such identity thieves will have access to the MAC address of the connecting terminal, which individually identifies the hardware. By examining packets sent, they may attempt to decipher passwords, login names, or other sensitive information."

Further due to thorough analysis, i found lots of unwanted applications and add-ons like yontoo, which was detected as suspicious by my anti-virus. It took a good change on my system and its performance after most of these applications were once removed.

So be aware of such identity thieves around you,even in your same LAN/Wifi and do try the level best to get rid of issues like this. What i found myself to be secure afterwards was,having a good firewall and mechanism to detect the intrusions will always give you an upper hand in being betrayed by these poisoned hotspots in your personal computer/laptops.

No comments:

Post a Comment