With more professionals using software firewall products such as ZoneAlarm, it's not unusual to feel both violated and concerned when your firewall tells you that it has denied access from a specific Internet Protocol (IP) address. The address will look something like this - 207.158.195.39.

While many individuals are happy that their firewall blocked access to their system, others obsess about trying to identify exactly who was trying to contact their computer in the first place.

As a matter of research you could simply try to access the site in question via your browser, by simply adding the http:// prefix. For example, if you browse http://207.158.195.39, you will find yourself at my web site.

Unfortunately, this won't really tell you exactly who tried to access your system, just from what domain the request originated. You could also look up the registered owner information for the domain by visiting Network Solutions and use the on line tools available there.

However, as "real" hackers often steal identities and can fake (or spoof) their point of origination, none of this research will likely help you identify the specific person or machine that actually attempted to contact your computer.

If you happen to be a network administrator, tracking down these access attempts may be a valuable use of your time. For just about everyone else, researching these intrusions is not a very productive activity.

While you might make some progress in identifying the source of an intrusion attempt, it's important to understand that any potential access to your system is really just a request to the IP address that you're assigned by your Internet Service Provider, and not your machine specifically.

As most users are assigned a new IP address every time they log on to the Internet, an attempt to access the IP address you're currently assigned isn't usually an attempt to connect with your computer, specifically.

The reality is that while these perceived threats could be port-probing programs in use by a hackers, they're more likely to be:

1. Someone trying to communicate with the computer that previously used your IP address.

2. A web site you visited which is trying to see if your still "connected" as it attempts to keep track of visitors (usually not for ill purposes, but simply things like shopping carts, etc.

3. Communications from your own Internet Service Provider

4. Any number of other miscellaneous events which are not really hack attempts.

The bottom line is that you shouldn't be overly concerned by what your firewall tells you were attempts to access your system, as most really were not. Instead, just be glad that got a firewall that will block these attempts for you, so you don't have to worry about it.

As a side note, keep in mind that your firewall software (whatever the brand) probably alerts you much more often than is really necessary. Let's face it, these constant "alerts" very effectively leverage the value of FUD (Fear, Uncertainty and Doubt) in order to create a very loyal customer out of you.

Published: September 6, 2001

Use of this article without permission is a violation of federal copyright laws.