[mac-at-kearsarge]

Two weeks ago I set up a web server in my home, while I was home from college for the weekend. I'm not worried about most of my systems since they are Macs. But I run a line from my apartment to the main part of the house to my uncles computer (Which is a PC). He's quite computer illiterate, and he's been telling me that he's been getting "odd messages" (In the past these, usually they're 404's or he's gotten a cannot deliver mail return because he didn't type in the address correctly. But from what he's describing it doesn't sound like the usual for him)

Anyhow when I got home this weekend I checked the log of the http server software and noticed quite a few attempts for a "Windows Virus Request". Half seem to come from what looks like a Router address on my ISP the other from other ISPs.

Now since my IP is assigned dynammically , I am using DNS rerouting utilies.

Now here's my question(s).

1st, any ideas WHAT these request are? Is someone trying to hack my LAN?

2. I haven't investigated on my uncles system yet, but I'm curious if these are the cause of his "odd messages"?

3. I'm using a D-Link DI 704 Router for my NAT, it does have a built in Firewall. if these request are a threat to me should I to use it to block these request?

Any help would be most appreciative

[Camelot]

Do you regularly leave your house and leave all the doors unlocked?

In some parts of the country you might still do that, but most people would still agree it's a bad idea, and many others would agree that it's your fault if someone walked in through your open door and trashed your house.

The same goes for a computer without a firewall.

The short answer is you should ALWAYS use a firewall, especially if you have one and there's no cost to using it.

Turn on your firewall and block ALL incoming traffic except the ports required for the web server and traffic initiated from the inside.

Without seeing the specific log messages you're referring to, it's impossible to predict what they might be, and if they're http requests to your server, turning on your firewall won't stop them, but (to use the house analogy) at least you're only letting people look at your front garden instead of letting them wander around the house.

[mac-at-kearsarge]

UPDATE:

I printed out the log and took it to a friend of mine at school who's a little bit more savvy about this stuff then I am. The log was filled with lines that looked like this:

09/27/02 04:48:28 PRIV user-occslpn.cable.mindspring.com Windows_Virus_Request 0

Confirming that they were, what I thought they were, we decided to have some fun and do an experiment. Since he realized these were actual systems (We're suspecting these are ameturs because they didn't hide themselfs very well), we did a trace route on them. Then we got to wondering: these are Windows boxes, wonder if winpopup would work to send them a message. Apperently it does, since we recived confirmation of delievery (I think I actually found a reason like semi-respect windows!). I'm sending a copy of the list to my ISp since three out of the five sources were on my ISP.

As for the firewall, I think I have it enabled already. Furthermore since they are macs, all backed up, and I'm just hosting a small site for fun, I'm not really worried about it.

[ghporter]

I hate to be a wet blanket, but there are virus writers out there who are after the bigger challenge of Mac viruses. In other word, backed up or not, you're at risk. And even if all they do is wipe your hard drive, are you willing to risk the time and effort it takes to restore your system when they hose you?

It's ont thing to not be too worried about how much damage an intruder can do to your files. It's another to allow such intruders to use your system to serve their files to their cronies. I would be personally terrified that some wiseguy might plant something in an unprotectd system that would allow him to serve up illegal files. He might, just for fun, plant kiddie porn on such a machine, then call the FBI. Not worth it for me! To me, an unprotect system is an invitation for some aggressive intruder to mess me over, so I don't leave those doors open.