To stay on top of security when connected to the Internet, there are several systems for finding out exactly what is happening to your PC at any moment. If you have a personal firewall and an up-to-date antivirus installed, much of this monitoring is carried out automatically by these applications.
That said, it is still worth checking the security levels in your browsers. In most cases, security settings in a browser can be configured according to a wide range of security criteria, from accepting almost everything to rejecting all but the most trustworthy information. A balance between security and practicality is normally the most advisable.
A powerful tool, called NBSTAT, exists which lets users monitor open connections on their PCs. Simply using the parameter “-a”, you will be able see all active connections on your computer. For example, type “NETSTAT –A” and you will see the following:
TCP FCUADRA:1588 WWW.PANDASOFTWARE.COM:80 ESTABLISHED
The information after TCP, is the type of protocol used, the first word indicates the name of the local machine, followed by the port in use. This is followed by the website and port to which you’re connected and finally the connection status.
The most frequently used ports are those used for http connections (80), e-mail (110 and 25), FTP transfers (21), accessing NNTP newsgroups (119) or IRC chats (194). All ports between 0 and 1,023 are registered for standard services, and those between 1,024 and 49,151 are assigned to non-standard, but recognized functions. Ports from 49,152 to 65,535 however, are dynamic and can be used for a variety of functions, which can unfortunately include the notorious activities of Trojans. If you notice that one of these ports is open, it is time to start worrying as someone else may be accessing your system. The web page http://www.iana.org/assignments/port-numbers has a complete list of these ports.
The ports used by Trojans and other malware tend to vary greatly. In fact there are so many that it would be virtually impossible to list them all here. Your antivirus vendor should be able to help you determine whether a connection has been made by an e-mail program or Trojan trying to enter your machine.
If you suspect that someone or something is connected to your PC without your consent, you should immediately disconnect. Another solution, although not without risks, is to try to enter the machine that is trying to attack you. However, a safer option is just to disconnect, scan your entire system with your antivirus and then reconnect.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.