My computer got attacked over a dozen times over last weekend. The interesting thing was, I brought it on myself.
You see, I got a new cable modem from Toshiba and installed it in my office on Friday afternoon. A brand new modem, a brand new connection. The installers from Cablevision left about 2:30 pm, after doing their drilling and stapling the cable along my walls. By 3:00 pm, I had a test machine running Windows 2000 attached to the cable modem. By 3:30pm, I already had received my first unwelcome visitors.
The only thing I did to my test machine was to install a copy of Norton Internet Security on the box. That's it. I set it up to repel anyone trying to enter the machine, and to keep as complete a log as it could about the intruders. This is on a brand new line, with a brand new IP address, with a brand new machine. I wasn't running a web server, or anything else other than the default Windows stuff.
I did send an email containing my IP address to my high school networking class, and encouraged them to try to break into my machine. (What we teachers do for our students as part of the learning process!) But this was after my first recorded attack. Indeed, one student managed to scan my ports but couldn't find anything open. Norton logged his attempt, along with attempts from several others from places as far away as Canada, Boston, Michigan, and even Peoria, Ill. Yes, there are people, or at least computers, in Peoria that were trying to enter my computer over the weekend.
Why me? Why not? I was just another ignorant computer user, who was doing what Cablevision (my cable Internet provider) told me to do -- hook up my PC to my cable modem and grab an IP address from its network and surf away. Pity what Cablevision doesn't tell you is that this cesspool of hackers is out there, just scanning all of its IP addresses as a matter of course. And they are doing it constantly, day in and day out.
Several of the attempts were to try to install Trojan horses, or other bad-tempered viruses, on my machine. Luckily, they were stopped by my Norton software. One of my friends wasn't so lucky. He spent last weekend removing a virus from his PC. He had a software firewall installed on it -- but in doing some maintenance on his PC, he forgot to enable it for a few days. That was all it took, and his weekend was spent on a series of phone calls to Dell technical support, cleaning up after his mistake.
I put some of the blame squarely on Cablevision (along with other cable Internet providers). They don't tell people that the Internet is a nasty place, and they omit mentioning how people can and should protect themselves. Instead, they encourage people to lie about their computing configurations, charging extra for a network of computers and not giving out details about simple software and hardware tools that can protect their customers from these evil-doers.
Given a choice, I prefer the hardware solution over software: it doesn't cost much more, and now there are plenty of what I call "frhubs" for firewall/router/hubs available from Netgear, Linksys, SMC, and tons of other companies. The Netgear line is perhaps the most complete, with something there for just about every home or small office configuration.
So: you've been warned. Directly connect your PC to your cable modem -- or any other Internet provider -- without any protection, and suffer the consequences. At least I didn't spend my weekend formatting my hard disk like my friend.
And tomorrow, November 7 at 4pm I'll be giving a presentation at the O'Reilly Peer to Peer networking show in Washington DC, talking about the various file sharing programs and where they have come in the post-Napster era. Do stop by if you are at the show or in the area. You can read some more about peer to peer file sharing for an article that I wrote for the web site 8Wire.com, along with other articles for them on the new networking enhancements to Windows XP.
Finally, just wanted to alert you to a presentation that I did online last week for SearchSecurity.com. I have been writing for these kind folks, and their sister web site SearchWin2000.com, for a while now. The presentation I did was on enterprise wireless security, and if you go to my web page you can click on the link to the presentation.
To subscribe, send a blank email to
informant-subscribe@pez.oreillynet.com
To be removed from this list, send a blank email to
informant-unsubscribe@pez.oreillynet.com
David Strom
david@strom.com
+1 (516) 944-3407
back issues
entire contents copyright 2001 by David Strom, Inc.
Web Informant is ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.