University computers under cyber attack. [URL]

[7im]

Whatever Stanford is doing seems to be working so far because fah keeps on running uninterrupted. Sorry, but this is kind of old news to the IT world.

[Stonecold]

Old news? The article is from the 16th, one day ago... Or do you mean China's attacks in general?

[Joe_H]

I assume 7im means in general. I am no longer in IT, but this was going on already for years when last I worked in IT 8 years ago.

[ChristianVirtual]

Even for me as private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm board I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.

[7im]

See also: Main FAH FAQ - What about security issues?

[Jesse_V]

I don't think it would be wise for the PG to answer you last questions there. I am however quite confident that they had devs who stay on top of such things. It is, after all, Stanford University.

Earlier this year i visited USU's IT security, and saw from one of their monitors the constant portscanning that is incoming and running over the IPs in their network. Most of these scans and such can be detected and blocked at their level before they even get to the individual machines.

I have noticed a few simple attempts at SSH logins on my machine, until I turned off the service and changed the default port.

[folding_hoomer]

I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.

I think this doesn´t really help - you can caught one thousand of them, but there are still waiting thousands to continue their work . . .

[Jesse_V]

I hope these are all being reported to some enforcement agency. Having a major, or at least an important, hacker/cracker caught now and then quietens down the rest of the bunch, for awhile.

I think this doesn´t really help - you can caught one thousand of them, but there are still waiting thousands to continue their work . . .

There'll be ten thousands more if an effort isn't made. It's like a triangle, software, hardware, enforcement all work together to reduce the problem. We may never stop it, be we can reduce it to a manageable level.

Don't you think some "enforcement agency" is already aware of these attacks? I doubt that our discussions here have any significant impact on their efforts, though I have faith that they are looking into it considering its impact.

It's very difficult to control the Internet. (Anyone who's been targeted by Anonymous should know this.) Groups, agencies, and even governments have tried and failed to do so in various ways in the past. One could view this problem as yet another reason individuals and companies should shore up their digital defences, and that's good news for anyone going into IT or computer security.

[P5-133XL]

My router has always been continuously probed and has been for years. Currently my router logs are indicating several probes per minute on ports 80, 8080, 443, and 7000 (to some extent it tells you what they are interested in). The specific ports change over time but that is what is currently being probed on my router. I've just locked the router firewall down as best I can and then I check Shields up to verify that no probe will get any response i.e. stealthed. I tried blocking specific IP addresses but they changed to frequently so manually entering them into a block list was to labor intensive and I quit doing that after a while.

Several years ago, I checked a bunch of IP's to the probes and yes they were mostly Chinese in origin (less than 5% were Russian, or American). I contacted my ISP (Comcast) giving them the IP addresses and they said that they will only do something if the source is from within their own network (i.e. a Comcast customer) and recommended that I run a firewall, anti-virus, anti-spyware. It seems that for them hacking from the outside is fair-game.

It really is a sad state of affairs because I really shouldn't be much of a target. The fact that this has been going on for years and I'm just one IP address gives a scale of what is going on everywhere

[bruce]

The Universities and Businesses probably spend their efforts on blocking attacks and safeguarding their data, and much less on "reporting" to catch individuals, but you can bet the NSA/Military/etc. gather enough information to help block attacks as they evolve.

[7im]

We have no juriisdiction in China. Nothing we can do will reduce their numbers.

[P5-133XL]

We have no juriisdiction in China. Nothing we can do will reduce their numbers.

Jurisdiction is a govt concept and not applicable. There is absolutely nothing stopping an ISP from determining which IP addresses are involved in port scanning and choosing to block those IP addresses from ever entering or leaving their network. If a bunch of major ISP's decided to do that as policy it could effectively stop that stage of an attack in its tracks.

Note that port scanning is not an actual attack per-say, it is merely one step used at finding out what IP's and ports are worthy of trying to infiltrate (attack). If the attacker does not know what is susceptible it is much less likely to be able to expend the appropriate resources and be successful.

[7im]

Right. I was indicating that PG has no power to shut down hackers inside of China. No way to reduce those numbers. Not that they were helpless against attacks. There are lots of ways to fight them off.

[Stonecold]

Even for me as private user with a fixed IP address I get quite a number of "trials" into my system. Good to have a logging firewall. When I'm board I check with whois; and yes: lots of China, Romania and US (!) ...not only universities; just every IP address.

There's a difference between an automated attack machine connecting to a random IP, trying a few common root passwords for SSH on port 22, and giving up. This seems more like it's an actual hacker rather than some dumb bot which only manages to compromise the absolutely worst secured computers.