PCs at risk online

Today’s Metro has a front-page scare story about how the average broadband-connected, always-on PC in the UK could be “attacked up to 50 times a night” through port scans, viruses, etc.

About seven years ago I was still on dial-up, but using Linux. I had no kind of firewall. One day I looked at the list of logged in users and discovered that there was “someone else” on my workstation. I dropped the connection, and looked through logs to find out what had gone on. In the end I found that an attack originating in Slovakia had got past a vulnerability in named (on an old, old version of RedHat by today’s standards) and allowed the attacker to wander around my hard disk for a while. That was enough to shake me up quite a lot.

Nowadays, I swear by the hardware firewall in my router. If I were to log port scans on the router, I’m sure I’d see quite a lot of them. I have up to four machines running behind the router at any one time, but broadly speaking I worry about intrusion. Two are Linux machines with basic iptables rules; the other two are XP SP2 with the inbuilt firewall or ZoneLabs. I do have Apache running, and I tend to see a lot of “dodgy” traffic which usually appears to be trying to exploit some old vulnerability in IIS.

Am I too complacent? It probably would be a good idea to monitor incoming traffic more actively. I’m probably more concerned for my family running XP on an otherwise unprotected network. It’s a scary world out there 😦


2 responses to “PCs at risk online”

  1. Maybe you could set up a honeypot on one of your machines to distract any would-be explorers; it would also be a nice way to gather all that kind of information in one place.

    Honeypots


  2. Probably a worthwhile exercise. The only thing is that the point of the hardware firewall is to bounce most incoming traffic. I already have HTTP forwarded to a server that I use. I don’t know if my router has a “forward traffic on all non-specified ports to this port on this host” which would enable me to run one of the apps described on the Wikipedia article you link (which is a great article, by the way, I didn’t know about these apps).
