hacking attacks on the increase?
Discussion
I have set up an unprotected Linux system on my old ISDN line just for fun. It's sitting there running Ethereal, which shows all the network packets received and sent in real time.
I get constant 'hack' attacks throughout the day. The vast majority are NAT scans from script kiddies who haven't twigged that the box ain't Windows, a few DCOM exploit packets and a load of pings. I'm even still getting Code Red-style IIS exploit attacks.
I'd suspect it somewhat depends on what ISP you use - most inexperienced hacker-wannabes will use the available tools to scan their local address ranges. For some reason though, I get a lot of crap from the 'wanadoo.fr' domain.....
ICMP traffic is caused by the W32.Welchia worm www.symantec.com/avcenter/venc/data/w32.welchia.worm.html . This was released by some chump to try and "fix" all the machines that were infected with the Blaster worm http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html . As long as they are all being dropped by your firewall you are OK; make sure your AV is up to date though.
lx993 said:
I get constant 'hack' attacks throughout the day. The vast majority are NAT scans from script kiddies who haven't twigged that the box ain't Windows, a few DCOM exploit packets and a load of pings. I'm even still getting Code Red-style IIS exploit attacks.
Chances are high that they are not kiddies per se, as the amount of 'background radiation' that exists on the internet is huge and most is automated. You have worms, botnets and a huge range of 0.0.0.0 -> 255.255.255.255 scans for this, that and the other. Also, most kiddies will scan all IPs for the vulnerability they know how to exploit, hence they won't bother to check what OSes they are targeting as that just wastes time; a list of vulnerable hosts is all they need. Run a honeypot if you have the time and resources, and you will see what I mean.
_Al_ said:
Wish I understood a word of that...
Sorry 'bout that
Basically, as a result of various worms, automated tools and general "having a look", almost all of the internet is scanned all of the time from everywhere, for pretty much everything. Most is not targeted against a particular company or person. Certainly when a new worm or virus takes off you get a spike in the activity, but it's normally quite high anyway.
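One way to put numbers on the "background radiation" described above, as an added example that is not part of any poster's message: a small triage script that buckets unsolicited inbound packets into the categories mentioned in this thread and counts packets and distinct sources per bucket. The records are constructed, the addresses come from documentation ranges, and reading "NAT scans" as NetBIOS/SMB probes, the repeated-0xAA Welchia ping payload and the `/default.ida?` Code Red request prefix are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample records: (source IP, protocol, destination port, payload).
# Nothing here was captured from the thread's test box.
SAMPLE = [
    ("192.0.2.10", "icmp", None, b"\xaa" * 64),
    ("192.0.2.10", "icmp", None, b"\xaa" * 64),
    ("192.0.2.11", "icmp", None, b"abcdefghijklmnopqrstuvwabcdefghi"),
    ("198.51.100.7", "tcp", 135, b""),
    ("198.51.100.7", "tcp", 135, b"\x05\x00\x0b\x03"),
    ("203.0.113.5", "udp", 137, b""),
    ("203.0.113.6", "tcp", 139, b""),
    ("203.0.113.9", "tcp", 80, b"GET /default.ida?NNNNNNNN HTTP/1.0\r\n"),
    ("203.0.113.9", "tcp", 80, b"GET /index.html HTTP/1.0\r\n"),
]

# Assumption: "NAT scans" in the thread are NetBIOS/SMB probes on these ports.
NETBIOS_SMB_PORTS = {137, 138, 139, 445}


def classify(proto, dport, payload):
    """Return a coarse label for one unsolicited inbound packet."""
    if proto == "icmp":
        # Assumption: Welchia echo requests carry only repeated 0xAA bytes.
        if payload and set(payload) == {0xAA}:
            return "welchia-style ping"
        return "other ping"
    if proto == "tcp" and dport == 135:
        return "dcom/rpc probe"
    if dport in NETBIOS_SMB_PORTS:
        return "netbios/smb probe"
    # Assumption: Code Red-style requests start with this IIS indexing path.
    if proto == "tcp" and dport == 80 and payload.startswith(b"GET /default.ida?"):
        return "code-red-style request"
    return "other"


def summarise(records):
    """Map each label to (packet count, number of distinct source IPs)."""
    packets = defaultdict(int)
    sources = defaultdict(set)
    for src, proto, dport, payload in records:
        label = classify(proto, dport, payload)
        packets[label] += 1
        sources[label].add(src)
    return {label: (packets[label], len(sources[label])) for label in packets}


if __name__ == "__main__":
    for label, (count, srcs) in sorted(summarise(SAMPLE).items()):
        print(f"{label:24} packets={count} sources={srcs}")
```

Many distinct sources per bucket with only a packet or two each is the pattern of automated, untargeted scanning; repeated varied probes from a single source are what would merit a closer look.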
_Al_ said:
Wish I understood a word of that...
Honeypotting is fun.
Get an old machine. Slap on a Win 98/2000/XP from a CD.
Don't patch it.
Install IP sniffer.
Connect to net (and disconnect from everything else).
Make a cup of tea.....
....usually compromised within hours rather than days.
Now, how many people can you think of that have never patched their machine?
DOS attacks are possible simply because a hacker can gain control of thousands of machines through exploits that were fixed and should have been patched months ago.
Didn't really fancy having some fool actually breaking into my machine (oh dear, ego is a bad thing) - if my 'test' machine is compromised then it'll at least be a reasonably skilled hacker.
However the 'test' box with Ethereal at least shows the IP addresses of the would-be attackers... I have had SO much fun messing their systems around. Maybe a bad attitude, but in my book, if someone tries to break into my systems, then they're fair game.