[10058] in cryptography@c2.net mail archive


Re: Hackers Targeting Home Computers

daemon@ATHENA.MIT.EDU (Hadmut Danisch)
Sat Jan 5 16:24:57 2002

From: Hadmut Danisch <hadmut@danisch.de>
Date: Fri, 4 Jan 2002 20:59:22 +0100
To: Jeff Simmons <jsimmons@goblin.punk.net>
Cc: cryptography@wasabisystems.com, dcsb@ai.mit.edu
Message-ID: <20020104195922.GA12040@danisch.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <200201041942.g04JgSv15469@goblin.punk.net>

On Fri, Jan 04, 2002 at 11:42:27AM -0800, Jeff Simmons wrote:
> 
> Unless I'm misunderstanding you, I find this hard to believe.
> 
> On my computer (DSL, fixed IP), which is pretty heavily monitored, I'm 
> detecting only a few, maybe up to a dozen, actual attacks a day.  Most of 
> them are from well-known root kits, targeting old vulnerabilities.  Sunrpc, 
> lpr, imap, and anonymous ftp seem to be popular.  Most attacks come from 
> Asia, eastern Europe used to be popular, but seems to have died down
> recently. 
> 
> The only way I could get anywhere near your numbers is to count all of the 
> Windows-based http attacks coming from automated worms and the like.
> 
> I'd be interested in hearing from others what kind and frequency of attacks 
> they're experiencing.


There's good reason for the different results.

I'm located in Germany and my DSL line is from "Deutsche Telekom"
(T-DSL, T-Online). This is by far the biggest provider in 
Germany for private DSL internet access, and they also do 
provide large numbers of modem and ISDN accounts. They use
a few very well known IP address ranges for all DSL, modem and
ISDN customers. Scanning the T-Online address ranges allows you 
to find heaps of German private computers. Many of the attacks
I detect come from within the T-Online network, others often come from
the countries you describe. I compared results with some of the 
colleagues' results and with results we get from commercial firewalls
at the same time. There is a significant difference. It
appears that the T-Online network ranges are a favored
target of many hackers/scanners/script kiddies.

There's no doubt that some attackers prefer attacking private
computers and select address ranges where they find most of
these computers.

Hadmut




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
