Hunt Down Those Hackers and...Ignore Them?(Questions and Answers)

I USE ZONE LABS' ZoneAlarm firewall freeware on my PC. Occasionally ZoneAlarm sends a message saying it blocked a remote computer from accessing my PC. It then lists an IP address and a TCP port, followed by four digits. Is there a way to find out to whom the IP address refers?

Jack Lozano, Tigard, Oregon

SOMETIMES IT'S worthwhile to track down miscreants who probe your computer from afar, but most of these "attacks" are benign. Running firewall software such as Network ICE's BlackICE Defender, ZoneAlarm, or Symantec's Norton Internet Security is almost always sufficient protection--although it's not as safe as disconnecting your computer from the Internet and switching off the power.

I'm not joking. If you want to ensure that crackers--Internet break-in artists--can't probe your PC's ports, you have to either physically disconnect the phone or network line running into the PC, or shut off the computer's power. (You also have to make sure that the computer's Wake-on-LAN BIOS setting, if any, is disabled.)

There's nothing illegal about people scanning your computer's ports, and not every scan is evidence of a cracker at work. Many of the most common port scans are routine checks for server software that doesn't even exist on most Windows computers. For example, your ISP may routinely scan your system to make sure you're not running servers that are disallowed under the company's terms of service. Other scans may be completely innocent as well, like the cable-modem user next door trying to install remote-control software such as PCAnywhere, or a scan by another computer on your local network. It could even be coming from your own system. FIGURE I shows BlackICE's list of port scan source addresses.