As I noted in my last weblog, to use the Internet is to be a potential victim.
But until I installed a logging program called LinkLogger that builds reports from the router logs of my home network, I had no idea of just how constantly we’re all under attack.
I’ve been running the software for just about a week, and the results are startling. One just one PC on my network, there have been an average of about 80 to 90 attempted attacks or probes a day. Here’s what else the software shows me:
- The most common probe is one that looks via port 901 for the NetDevil Trojan on my system, so the prober can try and control my PC.
- Second most prevalent is a probe of port 4899, looking for remote administration software for controlling my PC.
- Tied for third place is the infamous myDoom, called by some the fastest-spreading email worm of all time, scanning on port 3127; and the SQL Slammer Worm on port 1434 looking for vulnerable Microsoft SQL Servers or MSDE systems
- Most of the probes are single attempts, or two or three attempts by the same person. But some people stay around a long time, or make repeated tries, with one person trying 66 times to break in.
I use NAT on my network, the ZoneAlarm firewall, and anti-virus and anti-spyware software, so I haven’t been victimized. And most likely most of the probes are done by script kiddies sending out automated probes to many thousands of PCs, and not targeting my system.
Still, it’s sobering to see. Intrusion attempts have become the background radiation of the Internet, and so these days, you better wear a lead suit when you log on.
Have you been targeted or broken into? Let me know.