Today’s Metro has a front-page scare story about how the average broadband-connected, always-on PC in the UK could be “attacked up to 50 times a night” through port scans, viruses, etc.
About seven years ago I was still on dial-up, but using Linux. I had no kind of firewall. One day I looked at the list of logged-in users and discovered that there was “someone else” on my workstation. I dropped the connection, and looked through logs to find out what had gone on. In the end I found that an attack originating in Slovakia had got past a vulnerability in named (on an old, old version of RedHat by today’s standards) and allowed the attacker to wander around my hard disk for a while. That was enough to shake me up quite a lot.
Nowadays, I swear by the hardware firewall in my router. If I was to log port scans on the router, I’m sure I’d see quite a lot of them. I have up to four machines running behind the router at any one time, but broadly speaking I worry about intrusion. Two are Linux machines with basic iptables rules; the other two are XP SP2 with the inbuilt firewall or ZoneLabs. I do have Apache running, and I tend to see a lot of “dodgy” traffic which usually appears to be trying to exploit some old vulnerability in IIS.
Am I too complacent? It probably would be a good idea to monitor incoming traffic more actively. I’m probably more concerned for my family running XP on an otherwise unprotected network. It’s a scary world out there 🙁
Maybe you could set up a honeypot on one of your machines to distract any would-be explorers. It would also be a nice way to gather all that kind of information in one place.
Honeypots
Probably a worthwhile exercise. The only thing is that the point of the hardware firewall is to bounce most incoming traffic. I already have HTTP forwarded to a server that I use. I don’t know if my router has a “forward traffic on all non-specified ports to this port on this host” which would enable me to run one of the apps described on the Wikipedia article you link (which is a great article, by the way, I didn’t know about these apps).