Re: Attack Detected



On Thu, 28 Dec 2006, in the Usenet newsgroup comp.security.firewalls, in article
<4593ea1d$0$17135$4c368faf@xxxxxxxxxxxxxx>, Leythos wrote:

ibuprofin@xxxxxxxxxxxxxxxxxxxxxx says...

Leythos wrote:

Port scans ARE targeting YOU as they are scanning YOUR network - just
because they are scanning everyone else doesn't mean they are not
scanning you.

That's semantics.

Yes, it was, it was "semantics" to say that the scans were not targeting
individuals and to think that they don't really mean anything.

The comment is more for those individuals who, on seeing numerous
"attack" warnings from their personal firewall, believe that all the
attacks are targeting them specifically. I didn't say that the port scans
are meaningless - merely that they are a fact of life.

And your method may not work for the OP or others - as some people may
have a web server or other running on their LAN that provides services
to family and friends also on the same ISP.

It's been mentioned countless times - know why OpenBSD has never had a
root exploit out-of-box (or so they claim)? Simple - _no_ network
services are enabled by default. You have to learn how to enable it, and
while doing so you hopefully will learn some of the really obvious bad
techniques to avoid. On the other hand, Microsoft enables a _LOT_ of
stuff by default, on the off-chance that someone may find it useful.
The user therefore has no need (or incentive) to learn anything, with
the inevitable results.

I don't think you're missing anything that you don't want.

Bingo

(notice I said ignorant and nix, because there are a LOT of new
ignorant NIX users with exposed systems and more are added every day).

Isn't _that_ the truth. Still, the "popular" *nix tend more towards
the 'not running by default' mode, and stress separation of the root
versus normal users. "Ubuntu Linux" (a Debian clone) goes so far as to
not enable the root account. You can't log in as root. If you need to
do administrative things, you use 'su' or 'sudo'. That of course raises
other problems, but they are much less important than using the system
as root.

Old guy