
Hackers Attack Every 39 seconds

Slimy   on 08 February 2007 - 21:42 · 6 comments & 5001 views

According to a recent study at the University of Maryland, hackers attack computers every 39 seconds. At the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, the research team confirmed the already known fact that passwords are easily bypassed, and that experts are right to advise using longer passwords that mix uppercase letters, lowercase letters and numbers, and changing them frequently. Michel Cukier’s team set up weak security on four Linux computers connected to the Internet and found that the hackers used a “dictionary script” that runs through lists of common usernames and passwords to break into the computer. After gaining access, hackers usually quickly changed passwords, checked hardware and software configurations, and then downloaded, installed and ran a program.

“Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day. Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. The scripts return a list of ‘most likely prospect’ computers to the hacker, who then attempts to access and compromise as many as possible,” Cukier said. “Often they set up ‘back doors’ — undetected entrances into the computer that they control — so they can create ‘botnets,’ for profit or disreputable purposes,” said Cukier.

Link: Forum Discussion (Thanks Hum)
News source: MSNBC

#1 Croquant on 08 Feb 2007 - 22:09
Give or take 39 seconds.
#2 Laser_iCE on 09 Feb 2007 - 00:00
Uh yeah, it's called brute forcing? Even script kiddies can pull that one off.
#3 ThaCrip on 09 Feb 2007 - 01:33
Yeah, I already figured that it was around that.
#4 shade88 on 09 Feb 2007 - 04:00
I don't know, a lot of the people that scan for the 'most vulnerable' aren't really constituting the population of 'hacker' either how it's used in this case (derogatory), or actually is intended (slips my mind...lol, just like the rest of the media's).

I wouldn't constitute scanning for open net bus connections as "hacking," (as used in this context), I would constitute "hacking" a specific target (i.e. school server) for a specific purpose (i.e. facilitate cheating somehow), and usually ranges beyond a mere brute forcing attack (since most well configured servers will block that type of thing).
#5 NXTwoThou on 09 Feb 2007 - 13:29
Heh, we get two or three IPs trying dictionary attacks on our FTP servers a day. My utility runs every 2 minutes and adds to the IP block list upon so many bad username/password attempts. But still, they get 3-4 thousand combination tries a day. It's insane. Out of the hundreds of abuse reports I've sent to the ISPs of the computers attacking us, I've only gotten *5* responses saying that they fixed the problem. Earlier this week when we were experiencing a major slowdown, I temporarily turned my IP block off, and suddenly got slammed by 50 or so different IPs trying to connect at once, some I'd reported to their ISP months back.

On a semi-related note, when I had more time, I used to try and connect to the machines and was surprised as to how many non-Windows were trying to attack (3/4ths gave me default Apache sites on port 80 and various flavors of Linux prompts on ftp/telnet ports).
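The kind of blocking utility described in comment #5, sketched as an added example; it is not part of the original thread and is not NXTwoThou's own tool. The log format, the threshold of 5 failures, the 10-minute window and all names and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any particular FTP server's):
#   2007-02-09 13:00:01 203.0.113.7 LOGIN_FAIL user=admin
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+)$"
)

def update_blocklist(lines, blocklist, threshold=5, window=timedelta(minutes=10)):
    """Add to `blocklist` every IP with >= threshold failures inside `window`.

    Returns the set of newly blocked IPs. Unparseable lines are skipped
    rather than trusted, and a successful login does not reset the count,
    so one valid guess cannot hide the failures that preceded it.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    newly_blocked = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts_text, ip, event, _user = m.groups()
        if event != "LOGIN_FAIL" or ip in blocklist:
            continue
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocklist.add(ip)
            newly_blocked.add(ip)
    return newly_blocked

def sample_log():
    """Constructed sample: one noisy source, one slow source, one user typo."""
    out = []
    for i in range(6):   # 6 failures in 6 seconds from one address
        out.append(f"2007-02-09 13:00:0{i} 203.0.113.7 LOGIN_FAIL user=admin")
    for i in range(6):   # 6 failures spread over an hour
        out.append(f"2007-02-09 13:{i}0:00 198.51.100.9 LOGIN_FAIL user=root")
    out.append("2007-02-09 13:05:00 192.0.2.44 LOGIN_FAIL user=alice")
    out.append("2007-02-09 13:05:09 192.0.2.44 LOGIN_OK user=alice")
    return out
```

On the sample, only the noisy address is blocked with the default settings; the slow source stays under a per-IP window, which is why the threshold and window need tuning against real logs.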
#5.1 shade88 on 09 Feb 2007 - 18:32
Quote - (NXTwoThou said @ #5)
On a semi-related note, when I had more time, I used to try and connect to the machines and was surprised as to how many non-Windows were trying to attack (3/4ths gave me default Apache sites on port 80 and various flavors of Linux prompts on ftp/telnet ports).


That is surprising.

I guess though, that in general it's probably Linux novices if they're leaving those types of holes open. Obviously there's other ways to tell, but port 80? Gosh...if a home user is running ftp, http, or something like that, at least make it a non-default port.

As far as reporting to ISPs. I don't know, I used to run a default port server and got hit up pretty often, it just seems more effort than it's worth. Especially if it's just some 14 year old script kiddie seeing what anonymous ftp sites there are out there. I say let em learn, as long as I don't detect some sort of theft of material or malicious attack on me, I can't say I've ever really cared...even if they tried to brute force me, they'd never have gotten in.
