Hackers Targeting Home Computers

Nicholas Brawn ncb at pobox.com
Mon Jan 5 22:59:30 EST 1970


On Saturday, January 5, 2002, at 08:08 AM, Hack Hawk wrote:

> At 06:54 PM 1/4/02 +0100, Hadmut Danisch wrote:
>> > WASHINGTON -- Computer hackers...are turning their sights to home
>> > computers that are...less secure than ever before.
>>
>> On my private computer (DSL, dynamically assigned IP address), I
>> detect an increasing density of attack attempts.
>
> I see the same thing here.  But most of it's http/web attacks against
> the unicode vulnerability.  Back when Code Red was out of control I
> performed a little experiment.  I took 5 IP addresses of Code Red
> infected servers on DSL and tested them for the *very* old (Oct/Nov
> 2000) unicode vulnerability.  All 5 systems had NOT been patched.  It's
> not surprising that I now see virus infected machines trying to attack
> my systems using unicode attack strings.  I guess somebody took the
> idea one step further and developed a virus.
>
> It surprises me that providers like Earthlink & GTE (I have one DSL on 
> each) aren't taking measures to filter out virus traffic from infected 
> systems.  It seems a simple enough task to me.

Having worked as a security administrator at an ISP which had a dialup 
subscriber base of around 300,000, I can tell you that this is not a 
simple task.

Like most organisations, the networking component grows sporadically as 
the need arises. This is the same for an ISP. This makes implementing 
something that works across the board very difficult, due to the 
"evolved" nature of the network.

Implementing something like filtered incoming traffic against hacking 
attempts means you straight away have to look at a network IDS. Such 
beasts are not only costly, but until recently have been very difficult 
to implement over high-bandwidth links. The ISPs have only three 
options - allow all, deny incoming connections to "vulnerable" ports 
(HTTP, NetBIOS), or filter everything.

It would be a nightmare to implement a network IDS for most of the 
larger cable and dialup providers, and that's the reason you see many of 
them starting to block incoming connections to the problem ports.

<snip>

> - hawk
>

Cheers,
Nick

--
Real friends help you move bodies.




---------------------------------------------------------------------
The Cryptography Mailing List