University computers under cyber attack. [URL]

Please confine these topics to things that would be of general interest to those who are interested in FAH which don't fall into any other category.

Moderator: Site Moderators

Post Reply
7im
Posts: 10179
Joined: Thu Nov 29, 2007 4:30 pm
Hardware configuration: Intel i7-4770K @ 4.5 GHz, 16 GB DDR3-2133 Corsair Vengence (black/red), EVGA GTX 760 @ 1200 MHz, on an Asus Maximus VI Hero MB (black/red), in a blacked out Antec P280 Tower, with a Xigmatek Night Hawk (black) HSF, Seasonic 760w Platinum (black case, sleeves, wires), 4 SilenX 120mm Case fans with silicon fan gaskets and silicon mounts (all black), a 512GB Samsung SSD (black), and a 2TB Black Western Digital HD (silver/black).
Location: Arizona
Contact:

Re: University computers under cyber attack. [URL]

Post by 7im »

Whatever Stanford is doing seems to be working so far because fah keeps on running uninterrupted. Sorry, but this is kind of old news to the IT world.
How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Stonecold
Posts: 332
Joined: Sun Dec 25, 2011 9:20 pm

Re: University computers under cyber attack. [URL]

Post by Stonecold »

Old news? The article is from the 16th, one day ago... Or do you mean China's attacks in general?
Joe_H
Site Admin
Posts: 7926
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: University computers under cyber attack. [URL]

Post by Joe_H »

I assume 7im means in general. I am no longer in IT, but this was going on already for years when last I worked in IT 8 years ago.
Image

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
ChristianVirtual
Posts: 1576
Joined: Tue May 28, 2013 12:14 pm
Location: Tokyo

Re: University computers under cyber attack. [URL]

Post by ChristianVirtual »

Even for me as private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm board I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.
ImageImage
Please contribute your logs to http://ppd.fahmm.net
7im
Posts: 10179
Joined: Thu Nov 29, 2007 4:30 pm
Hardware configuration: Intel i7-4770K @ 4.5 GHz, 16 GB DDR3-2133 Corsair Vengence (black/red), EVGA GTX 760 @ 1200 MHz, on an Asus Maximus VI Hero MB (black/red), in a blacked out Antec P280 Tower, with a Xigmatek Night Hawk (black) HSF, Seasonic 760w Platinum (black case, sleeves, wires), 4 SilenX 120mm Case fans with silicon fan gaskets and silicon mounts (all black), a 512GB Samsung SSD (black), and a 2TB Black Western Digital HD (silver/black).
Location: Arizona
Contact:

Re: University computers under cyber attack. [URL]

Post by 7im »

How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Jesse_V
Site Moderator
Posts: 2850
Joined: Mon Jul 18, 2011 4:44 am
Hardware configuration: OS: Windows 10, Kubuntu 19.04
CPU: i7-6700k
GPU: GTX 970, GTX 1080 TI
RAM: 24 GB DDR4
Location: Western Washington

Re: University computers under cyber attack. [URL]

Post by Jesse_V »

I don't think it would be wise for the PG to answer you last questions there. I am however quite confident that they had devs who stay on top of such things. It is, after all, Stanford University. :)

Earlier this year i visited USU's IT security, and saw from one of their monitors the constant portscanning that is incoming and running over the IPs in their network. Most of these scans and such can be detected and blocked at their level before they even get to the individual machines.

I have noticed a few simple attempts at SSH logins on my machine, until I turned off the service and changed the default port.
F@h is now the top computing platform on the planet and nothing unites people like a dedicated fight against a common enemy. This virus affects all of us. Lets end it together.
folding_hoomer
Posts: 349
Joined: Sun Feb 10, 2013 6:06 pm
Hardware configuration: Sys 1: I7 2700K@4,4GHz with NH-C14
8GB G.Skill Sniper DDR3 1866MHz CL 9-10-9-28
MSI Z68A-GD65 (G3), various operating systems (WinXP, Ubuntu: 10.4.3 LTS, 12.04.2 LTS)
Optional: GTX560TI 448@stock/OC´d

Sys 2: I7 3930K@4,4GHz with Corsair H110
16GB G.Skill Ripjaws X DDR3 1866MHz CL 9-10-9-28
ASUS Ranpage IV Formula, Ubuntu 10.10

Sys 3 i7 875K@3,826 GHz with Scythe Mine2
8GB G.Skill Sniper DDR3 1866MHz CL 9-10-9-28
MSI P55-GD80, Win7 64Bit Pro
Sapphire Radeon HD5870@1,163V 900/1250MHz
Sapphire Radeon HD7870@1,218V 1200/1300MHz

Sys 4 i7 2600K@4,4GHz with Scythe Mine2
8GB G.Skill Sniper DDR3 1866MHz CL 9-10-9-28
MSI Z68A-GD65 (G3), various operating systems (WinXP, Ubuntu: 10.4.3 LTS, 12.04.2 LTS)
Optional: GTX560TI 448@stock/OC´d

Optional:
ASUS P5Q Pro with Q9550
ASUS P5Q Pro with Q6300
Location: Bavaria, Germany

Re: University computers under cyber attack. [URL]

Post by folding_hoomer »

Adam A. Wanderer wrote: I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.
I think this doesn´t really help - you can caught one thousand of them, but there are still waiting thousands to continue their work . . . :e(
Image
Jesse_V
Site Moderator
Posts: 2850
Joined: Mon Jul 18, 2011 4:44 am
Hardware configuration: OS: Windows 10, Kubuntu 19.04
CPU: i7-6700k
GPU: GTX 970, GTX 1080 TI
RAM: 24 GB DDR4
Location: Western Washington

Re: University computers under cyber attack. [URL]

Post by Jesse_V »

Adam A. Wanderer wrote:
folding_hoomer wrote:
Adam A. Wanderer wrote: I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.
I think this doesn´t really help - you can caught one thousand of them, but there are still waiting thousands to continue their work . . . :e(
There'll be ten thousands more if an effort isn't made. It's like a triangle, software, hardware, enforcement all work together to reduce the problem. We may never stop it, be we can reduce it to a manageable level.
Don't you think some "enforcement agency" is already aware of these attacks? I doubt that our discussions here have any significant impact on their efforts, though I have faith that they are looking into it considering its impact.

It's very difficult to control the Internet. (Anyone who's been targeted by Anonymous should know this.) Groups, agencies, and even governments have tried and failed to do so in various ways in the past. One could view this problem as yet another reason individuals and companies should shore up their digital defences, and that's good news for anyone going into IT or computer security.
F@h is now the top computing platform on the planet and nothing unites people like a dedicated fight against a common enemy. This virus affects all of us. Lets end it together.
P5-133XL
Posts: 2948
Joined: Sun Dec 02, 2007 4:36 am
Hardware configuration: Machine #1:

Intel Q9450; 2x2GB=8GB Ram; Gigabyte GA-X48-DS4 Motherboard; PC Power and Cooling Q750 PS; 2x GTX 460; Windows Server 2008 X64 (SP1).

Machine #2:

Intel Q6600; 2x2GB=4GB Ram; Gigabyte GA-X48-DS4 Motherboard; PC Power and Cooling Q750 PS; 2x GTX 460 video card; Windows 7 X64.

Machine 3:

Dell Dimension 8400, 3.2GHz P4 4x512GB Ram, Video card GTX 460, Windows 7 X32

I am currently folding just on the 5x GTX 460's for aprox. 70K PPD
Location: Salem. OR USA

Re: University computers under cyber attack. [URL]

Post by P5-133XL »

My router has always been continuously probed and has been for years. Currently my router logs are indicating several probes per minute on ports 80, 8080, 443, and 7000 (to some extent it tells you what they are interested in). The specific ports change over time but that is what is currently being probed on my router. I've just locked the router firewall down as best I can and then I check Shields up to verify that no probe will get any response i.e. stealthed. I tried blocking specific IP addresses but they changed to frequently so manually entering them into a block list was to labor intensive and I quit doing that after a while.

Several years ago, I checked a bunch of IP's to the probes and yes they were mostly Chinese in origin (less than 5% were Russian, or American). I contacted my ISP (Comcast) giving them the IP addresses and they said that they will only do something if the source is from within their own network (i.e. a Comcast customer) and recommended that I run a firewall, anti-virus, anti-spyware. It seems that for them hacking from the outside is fair-game.

It really is a sad state of affairs because I really shouldn't be much of a target. The fact that this has been going on for years and I'm just one IP address gives a scale of what is going on everywhere
Image
bruce
Posts: 20824
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: University computers under cyber attack. [URL]

Post by bruce »

The Universities and Businesses probably spend their efforts on blocking attacks and safeguarding their data, and much less on "reporting" to catch individuals, but you can bet the NSA/Military/etc. gather enough information to help block attacks as they evolve.
7im
Posts: 10179
Joined: Thu Nov 29, 2007 4:30 pm
Hardware configuration: Intel i7-4770K @ 4.5 GHz, 16 GB DDR3-2133 Corsair Vengence (black/red), EVGA GTX 760 @ 1200 MHz, on an Asus Maximus VI Hero MB (black/red), in a blacked out Antec P280 Tower, with a Xigmatek Night Hawk (black) HSF, Seasonic 760w Platinum (black case, sleeves, wires), 4 SilenX 120mm Case fans with silicon fan gaskets and silicon mounts (all black), a 512GB Samsung SSD (black), and a 2TB Black Western Digital HD (silver/black).
Location: Arizona
Contact:

Re: University computers under cyber attack. [URL]

Post by 7im »

We have no juriisdiction in China. Nothing we can do will reduce their numbers.
How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
P5-133XL
Posts: 2948
Joined: Sun Dec 02, 2007 4:36 am
Hardware configuration: Machine #1:

Intel Q9450; 2x2GB=8GB Ram; Gigabyte GA-X48-DS4 Motherboard; PC Power and Cooling Q750 PS; 2x GTX 460; Windows Server 2008 X64 (SP1).

Machine #2:

Intel Q6600; 2x2GB=4GB Ram; Gigabyte GA-X48-DS4 Motherboard; PC Power and Cooling Q750 PS; 2x GTX 460 video card; Windows 7 X64.

Machine 3:

Dell Dimension 8400, 3.2GHz P4 4x512GB Ram, Video card GTX 460, Windows 7 X32

I am currently folding just on the 5x GTX 460's for aprox. 70K PPD
Location: Salem. OR USA

Re: University computers under cyber attack. [URL]

Post by P5-133XL »

7im wrote:We have no juriisdiction in China. Nothing we can do will reduce their numbers.
Jurisdiction is a govt concept and not applicable. There is absolutely nothing stopping an ISP from determining which IP addresses are involved in port scanning and choosing to block those IP addresses from ever entering or leaving their network. If a bunch of major ISP's decided to do that as policy it could effectively stop that stage of an attack in its tracks.

Note that port scanning is not an actual attack per-say, it is merely one step used at finding out what IP's and ports are worthy of trying to infiltrate (attack). If the attacker does not know what is susceptible it is much less likely to be able to expend the appropriate resources and be successful.
Image
7im
Posts: 10179
Joined: Thu Nov 29, 2007 4:30 pm
Hardware configuration: Intel i7-4770K @ 4.5 GHz, 16 GB DDR3-2133 Corsair Vengence (black/red), EVGA GTX 760 @ 1200 MHz, on an Asus Maximus VI Hero MB (black/red), in a blacked out Antec P280 Tower, with a Xigmatek Night Hawk (black) HSF, Seasonic 760w Platinum (black case, sleeves, wires), 4 SilenX 120mm Case fans with silicon fan gaskets and silicon mounts (all black), a 512GB Samsung SSD (black), and a 2TB Black Western Digital HD (silver/black).
Location: Arizona
Contact:

Re: University computers under cyber attack. [URL]

Post by 7im »

Right. I was indicating that PG has no power to shut down hackers inside of China. No way to reduce those numbers. Not that they were helpless against attacks. There are lots of ways to fight them off.
How to provide enough information to get helpful support
Tell me and I forget. Teach me and I remember. Involve me and I learn.
Stonecold
Posts: 332
Joined: Sun Dec 25, 2011 9:20 pm

Re: University computers under cyber attack. [URL]

Post by Stonecold »

ChristianVirtual wrote:Even for me as private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm board I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.
There's a difference between an automated attack machine connecting to a random IP, trying a few common root passwords for SSH on port 22, and giving up. This seems more like it's an actual hacker rather than some dumb bot which only manages to compromise the absolutely worst secured computers.
Post Reply