University computers under cyber attack. [URL]
Re: University computers under cyber attack. [URL]
Whatever Stanford is doing seems to be working so far because fah keeps on running uninterrupted. Sorry, but this is kind of old news to the IT world.
How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Re: University computers under cyber attack. [URL]
Old news? The article is from the 16th, one day ago... Or do you mean China's attacks in general?
Re: University computers under cyber attack. [URL]
I assume 7im means in general. I am no longer in IT, but this was going on already for years when last I worked in IT 8 years ago.
Re: University computers under cyber attack. [URL]
Even for me as a private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm bored I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.
Please contribute your logs to http://ppd.fahmm.net
Re: University computers under cyber attack. [URL]
I don't think it would be wise for the PG to answer your last questions there. I am however quite confident that they had devs who stay on top of such things. It is, after all, Stanford University.
Earlier this year I visited USU's IT security, and saw from one of their monitors the constant portscanning that is incoming and running over the IPs in their network. Most of these scans and such can be detected and blocked at their level before they even get to the individual machines.
I have noticed a few simple attempts at SSH logins on my machine, until I turned off the service and changed the default port.
F@h is now the top computing platform on the planet and nothing unites people like a dedicated fight against a common enemy. This virus affects all of us. Lets end it together.
Re: University computers under cyber attack. [URL]
Adam A. Wanderer wrote: I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.
I think this doesn't really help - you can catch one thousand of them, but there are still thousands waiting to continue their work . . .
Re: University computers under cyber attack. [URL]
Adam A. Wanderer wrote: I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.
folding_hoomer wrote: I think this doesn't really help - you can catch one thousand of them, but there are still thousands waiting to continue their work . . .
Adam A. Wanderer wrote: There'll be ten thousands more if an effort isn't made. It's like a triangle, software, hardware, enforcement all work together to reduce the problem. We may never stop it, but we can reduce it to a manageable level.
Don't you think some "enforcement agency" is already aware of these attacks? I doubt that our discussions here have any significant impact on their efforts, though I have faith that they are looking into it considering its impact.
It's very difficult to control the Internet. (Anyone who's been targeted by Anonymous should know this.) Groups, agencies, and even governments have tried and failed to do so in various ways in the past. One could view this problem as yet another reason individuals and companies should shore up their digital defences, and that's good news for anyone going into IT or computer security.
Re: University computers under cyber attack. [URL]
My router has always been continuously probed and has been for years. Currently my router logs are indicating several probes per minute on ports 80, 8080, 443, and 7000 (to some extent it tells you what they are interested in). The specific ports change over time but that is what is currently being probed on my router. I've just locked the router firewall down as best I can and then I check Shields up to verify that no probe will get any response i.e. stealthed. I tried blocking specific IP addresses but they changed too frequently so manually entering them into a block list was too labor intensive and I quit doing that after a while.
Several years ago, I checked a bunch of IP's to the probes and yes they were mostly Chinese in origin (less than 5% were Russian, or American). I contacted my ISP (Comcast) giving them the IP addresses and they said that they will only do something if the source is from within their own network (i.e. a Comcast customer) and recommended that I run a firewall, anti-virus, anti-spyware. It seems that for them hacking from the outside is fair-game.
It really is a sad state of affairs because I really shouldn't be much of a target. The fact that this has been going on for years and I'm just one IP address gives a scale of what is going on everywhere.
Re: University computers under cyber attack. [URL]
The Universities and Businesses probably spend their efforts on blocking attacks and safeguarding their data, and much less on "reporting" to catch individuals, but you can bet the NSA/Military/etc. gather enough information to help block attacks as they evolve.
Posting FAH's log:
How to provide enough info to get helpful support.
Re: University computers under cyber attack. [URL]
We have no jurisdiction in China. Nothing we can do will reduce their numbers.
Re: University computers under cyber attack. [URL]
7im wrote: We have no jurisdiction in China. Nothing we can do will reduce their numbers.
Jurisdiction is a govt concept and not applicable. There is absolutely nothing stopping an ISP from determining which IP addresses are involved in port scanning and choosing to block those IP addresses from ever entering or leaving their network. If a bunch of major ISP's decided to do that as policy it could effectively stop that stage of an attack in its tracks.
Note that port scanning is not an actual attack per se, it is merely one step used at finding out what IP's and ports are worthy of trying to infiltrate (attack). If the attacker does not know what is susceptible it is much less likely to be able to expend the appropriate resources and be successful.
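Added example (editorial, not written by any poster in this thread): the two posts above describe router logs full of probes on a handful of ports and per-address block lists that could not keep up with changing sources. The sketch below tallies dropped packets per destination port and flags source networks, rather than single addresses, that touched several distinct ports. The netfilter-style log format, the /24 grouping, the threshold of 3 ports and the sample lines are all assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in netfilter LOG style (not taken from the thread).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jul 17 10:00:01 gw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=80
Jul 17 10:00:02 gw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=8080
Jul 17 10:00:09 gw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=443
Jul 17 10:00:10 gw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=7000
Jul 17 10:00:15 gw kernel: DROP IN=eth0 SRC=198.51.100.5 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=80
Jul 17 10:00:16 gw kernel: DROP IN=eth0 SRC=198.51.100.5 DST=192.0.2.1 PROTO=TCP SPT=33001 DPT=80
Jul 17 10:00:20 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=ICMP TYPE=8
Jul 17 10:00:31 gw kernel: DROP IN=eth0 SRC=203.0.113.200 DST=192.0.2.1 PROTO=TCP SPT=60000 DPT=80
"""

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")

def parse(line):
    """Return (source address, destination port), or None if a field is missing."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # e.g. ICMP entries carry no DPT
    try:
        return ipaddress.ip_address(fields["SRC"]), int(fields["DPT"])
    except ValueError:
        return None  # malformed address or port

def summarize(log_text, prefix=24, min_ports=3):
    """Count probes per port; flag IPv4 /prefix networks that hit >= min_ports ports."""
    port_hits = Counter()
    ports_by_net = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dport = rec
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        port_hits[dport] += 1
        ports_by_net[str(net)].add(dport)
    flagged = {n: sorted(p) for n, p in ports_by_net.items() if len(p) >= min_ports}
    return port_hits, flagged
```

With the sample above, no single address reaches the threshold, but grouping by /24 shows one network sweeping all four ports, which is why per-address block lists lag behind.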
Re: University computers under cyber attack. [URL]
Right. I was indicating that PG has no power to shut down hackers inside of China. No way to reduce those numbers. Not that they were helpless against attacks. There are lots of ways to fight them off.
Re: University computers under cyber attack. [URL]
ChristianVirtual wrote: Even for me as a private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm bored I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.
There's a difference between an automated attack machine connecting to a random IP, trying a few common root passwords for SSH on port 22, and giving up. This seems more like it's an actual hacker rather than some dumb bot which only manages to compromise the absolutely worst secured computers.