Hacker Highschool Security Awarness for teens:
Lesson 7 Attack Analysis
Lesson 7 Attack Analysis
7.0 Introduction
There are a lot of programs on your computer that will want to open up network connections. Some of these programs have valid reasons for connecting (your web browser won't work nearly as well without access to a network connection as it will with one), others have been written by people with motives ranging from questionable to criminal. If you want to protect your computer, you'll have to learn how to detect network access, and identify the source and intent. Not every attempt at network access is an attack, but if you don't know how to identify friend from foe, you might as well just leave your door open.
7.1 Netstat and Host Application Firewalls
To be able to identify an attack, you have to know what applications and processes normally run on your computer. Just looking at a graphical interface, whether in Windows or Linux, won't let you see what's going on underneath the surface. Netstat and a firewall can be used to help you identify which programs should be allowed to connect with the network.
7.1.1 Netstat
(netstat is also discussed in section 5.2.3) The netstat command will display the status of the network. Netstat can give you information about what ports are open and the IP addresses that are accessing them, what protocols those ports are using, the state of the port, and information about the process or program using the port.
For Download:
