Hackers Targeting Home Computers

Hadmut Danisch hadmut at danisch.de
Fri Jan 4 14:59:22 EST 2002


On Fri, Jan 04, 2002 at 11:42:27AM -0800, Jeff Simmons wrote:
> 
> Unless I'm misunderstanding you, I find this hard to believe.
> 
> On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm 
> detecting only a few, maybe up to a dozen, actual attacks a day.  Most of 
> them are from well-known root kits, targeting old vulnerabilities.  Sunrpc, 
> lpr, imap, and anonymous ftp seem to be popular.  Most attacks come from 
> Asia, eastern Europe used to be popular, but seems to have died down
> recently. 
> 
> The only way I could get anywhere near your numbers is to count all of the 
> Windows-based http attacks coming from automated worms and the like.
> 
> I'd be interested in hearing from others what kind and frequency of attacks 
> they're experiencing.


There's good reason for the different results.

I'm located in Germany and my DSL line is from "Deutsche Telekom"
(T-DSL, T-Online). This is by far the biggest provider in
Germany for private DSL internet access, and they also
provide large numbers of modem and ISDN accounts. They use
a few very well-known IP address ranges for all DSL, modem and
ISDN customers. Scanning the T-Online address ranges allows you
to find heaps of German private computers. Many of the attacks
I detect come from within the T-Online network; others often come from
the countries you describe. I compared results with some of the
colleagues' results and with results we get from commercial firewalls
at the same time. There is a significant difference. It
appears that the T-Online network ranges are a favored
target of many hackers/scanners/script kiddies.

There's no doubt that some attackers prefer attacking private
computers and select address ranges where they find most of
these computers.

Hadmut




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



