Today’s Metro has a front-page scare story about how the average broadband-connected, always-on PC in the UK could be “attacked up to 50 times a night” through port scans, viruses, etc.
About seven years ago I was still on dial-up, but using Linux. I had no kind of firewall. One day I looked at the list of logged in users and discovered that there was “someone else” on my workstation. I dropped the connection, and looked through logs to find out what had gone on. In the end I found that an attack originating in Slovakia had got past a vulnerability in named (on an old, old version of RedHat by today’s standards) and allowed the attacker to wander around my hard disk for a while. That was enough to shake me up quite a lot.
Nowadays, I swear by the hardware firewall in my router. If I were to log port scans on the router, I’m sure I’d see quite a lot of them. I have up to four machines running behind the router at any one time, but broadly speaking I worry about intrusion. Two are Linux machines with basic iptables rules; the other two are XP SP2 with the inbuilt firewall or ZoneLabs. I do have Apache running, and I tend to see a lot of “dodgy” traffic which usually appears to be trying to exploit some old vulnerability in IIS.
Am I too complacent? It probably would be a good idea to monitor incoming traffic more actively. I’m probably more concerned for my family running XP on an otherwise unprotected network. It’s a scary world out there 🙁