I'm seeing lots of attacks. Is this normal?
This article applies to: BlackICE Defender.
SUMMARY
Yes.
DETAILS
How often you will detect scans depends upon your connection type
and how long you are connected.
- cable-modems: Scanned/attacked several times per day. It depends upon
  the cable-modem segment you are on, but some people are getting
  attacked as much as 20 times per day. We believe scans are so common
  because hackers know that virtually all cable-modems are in the range
  24.x.x.x. We suspect that those in the low range of 24.1.x.x receive
  more than those in higher ranges (e.g. 24.94.x.x).
- DSL modems: Varies widely; some are scanned only about once per week,
  others receive a couple per day. We suspect that some DSL ranges are
  better known among hackers, and therefore get attacked more.
- dial-up modems: This varies widely, though you should see a scan against
  your system about once per month. It depends upon how often you are
  online, and what ISP you use. Since some hackers "camp" on IP addresses
  (waiting for people to dial up), you are most likely to be scanned
  within a few minutes after you connect to the Internet.
The following are the most common attacks/scans against your system.
Because you are running a built-in firewall, the hackers rarely get
past the "scanning" stage (they only "attack" the system if the "scan"
reveals something interesting).
- TCP port probe: A hacker looking at your system in one particular way
  (using TCP). The hacker has a single exploit he/she is trying on
  millions of systems.
- UDP port probe: Same as above, but with UDP.
- Trojan Horse probe: Testing to see if you've been compromised by a
  Trojan Horse, using TCP.
- TCP port scan: Hacker is scanning for all the open ways into your system.
- WhatsUp scan: Hacker is scanning you with a popular program called "WhatsUp".
- UDP Trojan Horse probe: Similar to the Trojan Horse probe above, but using UDP.
- SOCKS port probe: Hacker is testing your system for SOCKS, which might
  allow him/her to hide behind your system when attacking others.
- Back Orifice ping: Testing your system to see if you are vulnerable to
  Back Orifice.
- ICMP unreachable storm: Trying to disconnect your system from the network.
- SNMP discovery broadcast: Scanning your area of the network in order to
  discover systems.
- SUNRPC port probe: Testing your system to see if it is running UNIX, and
  then to see which UNIX-specific ways he/she can break into your system
  with. Obviously not a concern if you are running Windows.
- TELNET port probe: Another UNIX-specific test against your system.
- NetBIOS port probe: Tests to see if you have shared your hard disk with
  the rest of the world (10% of Windows users do this).
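As an added example (not from the article or the BlackICE product), here is a small Python classifier that labels constructed firewall log lines with the event names listed above; the port-to-name table, the log format and the scan threshold are this example's own assumptions, since the article gives no port numbers.

```python
from collections import defaultdict

# Well-known ports behind the event names in the article. The article gives
# no port numbers, so this mapping is the example's own assumption.
KNOWN_PROBES = {
    ("tcp", 139): "NetBIOS port probe",     # Windows file sharing
    ("tcp", 1080): "SOCKS port probe",      # open proxy hunting
    ("tcp", 111): "SUNRPC port probe",      # UNIX portmapper
    ("tcp", 23): "TELNET port probe",
    ("udp", 161): "SNMP discovery broadcast",
    ("udp", 31337): "Back Orifice ping",    # Back Orifice default port
}
SCAN_THRESHOLD = 5  # distinct ports from one source before we call it a scan

def parse_line(line):
    """Constructed log format: '<time> <src_ip> <proto> <dst_port>'."""
    _time, src, proto, port = line.split()
    return src, proto.lower(), int(port)

def classify(lines):
    """Name each source IP the way the article does: many ports from one
    source is a scan, one well-known port is a named probe, else a probe."""
    targets = defaultdict(set)
    for line in lines:
        src, proto, port = parse_line(line)
        targets[src].add((proto, port))
    verdicts = {}
    for src, hits in targets.items():
        protos = {proto for proto, _ in hits}
        if len(hits) >= SCAN_THRESHOLD:
            verdicts[src] = "TCP port scan" if protos == {"tcp"} else "port scan"
        elif len(hits) == 1 and next(iter(hits)) in KNOWN_PROBES:
            verdicts[src] = KNOWN_PROBES[next(iter(hits))]
        else:
            verdicts[src] = "UDP port probe" if protos == {"udp"} else "TCP port probe"
    return verdicts

# Constructed sample of blocked inbound packets (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
23:01:05 192.0.2.10 tcp 139
23:01:06 192.0.2.10 tcp 139
23:02:10 192.0.2.20 udp 31337
23:03:00 198.51.100.5 tcp 21
23:03:00 198.51.100.5 tcp 23
23:03:00 198.51.100.5 tcp 25
23:03:01 198.51.100.5 tcp 80
23:03:01 198.51.100.5 tcp 110
23:04:00 203.0.113.7 tcp 12345
23:05:00 203.0.113.9 udp 5000
""".splitlines()
```

Calling `classify(SAMPLE_LOG)` returns one verdict per source; a source that hits a well-known port as part of a wider sweep is reported as a scan, not as that port's named probe.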
The following are the most common reasons hackers attack systems:
- Island hopping: The hacker hopes to compromise your cable-modem or DSL
  connected computer because it is often on 24 hours a day, and because it
  always has the same IP address. The hacker then hopes to funnel all
  his/her attacks through your machine in order to hide his/her true IP
  address. Hackers often chain multiple machines together like this. See
  the SOCKS port probe above for more info.
- ISP Passwords: The hacker wants to scan your system for passwords. If they
  find your ISP information, they can dial up as you and use your account
  for their nefarious deeds. For example, they can dial in from a pay phone
  and use your account to attack the Pentagon.
- Web-site Passwords: They are hoping you have a paid account with porn
  sites, and they want to steal those passwords so they can log in for free.
- Corporate Passwords: They are hoping you have some passwords on your
  machine (for telecommuting) that they can use to bypass corporate firewalls.
- Personal Information: They are hoping to find maiden names, children's
  names, social security numbers and so on in order to commit "identity
  theft". If they get this information, they can often steal money from
  your bank account.
- Online stock info: Some want simply to buy/sell stocks in your name,
  others want a check cut to their name. If a hacker buys/sells stocks in
  your name, you are liable for the result.
- Online bank info: The hacker wants to steal money from your account. You
  are liable for losses of this kind.
- Credit card info: The hacker wants to steal your credit card. They will
  often use it for porn accounts. You are generally NOT liable for credit
  card loss if you check your bill regularly. For most credit cards, the
  maximum damages you are liable for are $50.
Keywords: attacks
Version: all
Fixed: N/A
Modified: 1999-11-28