On Saturday, January 5, 2002, at 08:08 AM, Hack Hawk wrote:
> At 06:54 PM 1/4/02 +0100, Hadmut Danisch wrote: >> > WASHINGTON -- Computer hackers...are turning their sights to home >> > computers that are...less secure than ever before. >> >> On my private computer (DSL, dynamically assigned IP address), I >> detect an increasing density of attack attempts. > > I see the same thing here. But most of its http/web attacks against > the unicode vulnerability. Back when code red was out of control I > performed a little experiment. I took 5 IP address of Code Red > infected servers on DSL and tested them for the *very* old (Oct/Nov > 2000) unicode vulnerability. All 5 systems had NOT been patched. Its > not surprising that I now see virus infected machines trying to attack > my systems using unicode attack strings. I guess somebody took the > idea one step further and developed a virus. > > It surprises me that providers like Earthlink & GTE (I have one DSL on > each) aren't taking measures to filter out virus traffic from infected > systems. It seems a simple enough task to me. Having worked as a security administrator at an ISP which had a dialup subscriber base of around 300,000, I can tell you that this is not a simple task. Like most organisations, the networking component grows sporadically as the need arises. This is the same for an ISP. This makes implementing something that works across the board very difficult, due to the "evolved" nature of the network. Implementing something like filtered incoming traffic against hacking attempts means you straight away have to look at a network IDS. Such beasts are not only costly, but until recently have been very difficult to implement over high-bandwidth links. The ISPs have only three options - allow all, deny incoming connections to "vulnerable" ports (HTTP, Netbios), or filter everything. It would be a nightmare to implement a network IDS for most of the larger cable and dialup providers, and that's the reason you see many of them starting to block incoming connections to the problem ports. <snip> > - hawk > Cheers, Nick -- Real friends help you move bodies. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]