Tell me I don't have a hacker

Discuss Networking
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Post by worker201 »

Those graphs are insane. I can't believe how many Australians put up with that kind of thing.

Wouldn't it be smarter to mess with a different port? I mean, something like 80 or 21 is way more likely to be left open, even when firewalls are in place. I would think that attack-children would go for something that would increase their chance of access. But perhaps I'm not understanding the purpose or mechanics of such an attack.

This has gone somewhat off-topic, but I think it would be instructive to many people to know exactly what goes on, and how we can better protect ourselves (aside from simply installing Linux or setting up firewalls).

Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm

Post by ZiaTioN »

A port itself is merely a gateway. It is not the port itself that is a target but the service listening on that port. That is where the vulnerabilities are discovered and that is the point of exploitation. The specific port is attacked because that is the known standard port that the vulnerable service runs on. If it were an SSH vulnerability the probed port would be 22. If it was a Microcrap IIS exploit the probed port would be 80, and so on.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

ZiaTioN is correct, and not only that, this is a virus doing the probing, not some skr1pt kiddie. It's all automated and it is happening on innocent people's Windows machines without them even knowing it's happening (except it will slow their network down considerably). An infected machine will scan entire blocks of IP addresses on port 445. If an unpatched Windows system is found it automatically exploits the vulnerability and installs a copy of itself on that machine and begins to probe other blocks of IP addresses, and round and round she goes. It really eats up a significant amount of bandwidth. Like I said, we can have one infected machine at a remote branch that will hog up the entire WAN pipe between the branch and the home office.
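The sweep behaviour Void Main describes (one infected host walking whole IP blocks on port 445) has a simple detection signature: a single source reaching an unusually large number of distinct destinations on that port in a short window. The script below is an added example written for this thread, not code from any poster or product. It assumes a hypothetical space-separated firewall log format ("timestamp src dst dport action"), uses constructed IP addresses and traffic, and the 60-second window and 20-host threshold are arbitrary starting points a network admin would tune against their own baseline.

```python
"""Flag worm-style port-445 sweeps in firewall logs.

Added example for this thread; the log format, hosts and thresholds
are assumptions, not anything the original posters described.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window over which targets are counted
THRESHOLD = 20                   # distinct destinations on the port inside WINDOW


def parse_line(line):
    """Parse one line of the assumed format '<ISO time> <src> <dst> <dport> <action>'."""
    ts, src, dst, dport, _action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def find_sweeps(lines, port=445, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct destinations on `port` within any window}
    for every source whose peak reaches `threshold`.

    A file server talking to a handful of clients on 445 stays well under
    the threshold; an infected host sweeping a block blows past it.
    """
    events = defaultdict(list)  # src -> [(time, dst), ...] on the watched port
    for line in lines:
        line = line.strip()
        if not line:
            continue
        t, src, dst, dport = parse_line(line)
        if dport == port:
            events[src].append((t, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak = 0
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_sample_log():
    """Constructed log lines for the demo (hypothetical addresses, not real traffic)."""
    base = datetime(2004, 6, 14, 10, 0, 0)
    lines = []
    # An infected host sweeping a /24 on 445, one new target per second.
    for i in range(1, 41):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.1.2.50 10.1.3.{i} 445 drop")
    # A file server legitimately serving two clients on 445.
    lines.append(f"{base.isoformat()} 10.1.2.10 10.1.2.11 445 allow")
    lines.append(f"{(base + timedelta(seconds=5)).isoformat()} 10.1.2.10 10.1.2.12 445 allow")
    # A host fetching from many web servers on 80: noisy, but not the 445 pattern.
    for i in range(1, 41):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.1.2.77 203.0.113.{i} 80 allow")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for src, n in find_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct hosts on 445 within {WINDOW.seconds}s, likely infected")
```

Run against the constructed log, only 10.1.2.50 is reported; the file server and the port-80 talker are ignored. In practice the interesting output is the source address, which tells the admin which branch machine to pull off the WAN and patch, exactly the situation Void Main describes.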
