Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

The BBC's Honeypot PC 344

Posted by kdawson from the hijack-my-pc-please dept.
Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.
This discussion has been archived. No new comments can be posted.

The BBC's Honeypot PC More

The BBC's Honeypot PC

Comments Filter:

  • Well Duh! (Score:3, Insightful)

    by fluffy99 ( 870997 ) on Monday October 09, 2006 @12:52PM (#16365807)
    So we've learned that putting an unprotected windows box on the internet is a bad idea - well duh! It probably doesn't help that they didn't bother with any updates, or turning on the firewall.

    • Re:Well Duh! (Score:4, Insightful)

      by Anonymous Coward on Monday October 09, 2006 @12:58PM (#16365917)
      The thing is, users do this EVERY DAY. So it is an important excercise. People here on Slashdot may know how to keep themselves protected, but I talk to Windows users ALL THE TIME who have their computer sitting on a broadband connection with no idea how to protect it (no hardware firewall, no spyware protection, whatever virus protection was bundled with the machine [but likely not updated with the latest signatures]).

      It's still a HUGE problem. So, maybe it's a no-brainer for you, but it isn't for the average user.

      • Indeed, AC (Score:5, Insightful)

        by QuaintRealist ( 905302 ) <quaintrealist&gmail,com> on Monday October 09, 2006 @01:28PM (#16366391) Homepage Journal
        All of the "well duh" folks miss the point. There are a lot of people out there with reinstall CDs for older machines. When their machine gets hit with malware, many of them "reload" windows and some of these head for Microsoft update.

        The point is that they are too late - they're perfectly likely to get hit before update can protect them, and perfectly likely to get hit with something as bad as what they had before.

        This really is a problem.

        • Re: (Score:3, Informative)

          by networkBoy ( 774728 )
          Bingo,
          Even something as basic as NAT through a cheapie router will buy them all the time they need to connect to windows update.
          It won't protect them from malicious connections once infected but because most all routers ignore incoming connection attempts the user is at least protected till patched (assuming the first thing they do is Windows Update, not pr0n surf).
          -nB
          • FWIW it's not that they ignore incoming connection attempts, it's just that they don't route between the internet and the inside network (they do NAT, but that's not QUITE the same thing) and unless a port is forwarded, there is no open port, and the connection fails. And anyway, if the device supports uPnP, then Windows is likely to open ports on it :P
          • I had some "friends of friends" who were running the reinstall loop due to malware. I gave them an old but locked down linksys router to connect through. Problem solved, but many don't know to do this sort of thing...

            One of the local medical offices "needed SP2" for some software they ran on a closed local network of 4 or 5 computers (i.e. totally unconnected to the internet). Somebody with just enough knowledge to be dangerous hooked the computers (one at a time) directly to a DSL line usually used for

        • Re:Indeed, AC (Score:4, Insightful)

          by Mister Whirly ( 964219 ) on Monday October 09, 2006 @01:44PM (#16366703) Homepage
          And this is why they should be letting a professional set their stuff up. If you knew nothing about cars, would you try to put an engine together and then drop it in by yourself, or would you take it to a mechanic? Most people seem to understand that, why should it be different just because we are talking about computers? Nothing like having your system owned as a way to hammer this point home. I certainly don't take the crass view of "well they get what they deserved for being ignorant" - but how do you combat naiveté among people? Especially with a technical subject that most people's eyes just glaze over when you start talking patches and firewalls? I think most folks just figure they can save $100 by setting it up themselves....Big mistake....

      • Re: (Score:2, Informative)

        by smilerz ( 939084 )
        Actually, new Windows systems come with the firewall on by default. None of the attacks that the BBC witnessed would have had an effect.

    • Re:Well Duh! (Score:5, Insightful)

      by jacquesm ( 154384 ) <j@NoSpam.ww.com> on Monday October 09, 2006 @01:04PM (#16366045) Homepage
      The BBC is not exactly known for being beginners at IT, they're the people that brought a lot of us (including me) into the age of personal computing with their BBC Micro Computer.

      The thing they've tried to do here is to accurately simulate what the average home user will do, and see what the consequences would be.

      It's like a 17 year old nude virgin visiting the octoberfest and expecting to come away 'unscathed', I give you that much. But anybody that buys one of those HP internet ready pc's with XP pre-installed that goes home and plugs in his / her machine is doing the exact same thing.

      The instructions even tell you to connect all that stuff *before* switching on in simple-to-use IKEA style no words diagrams. Don't be too quick to judge the beeb, they're pretty good at what they do.
      • Yes, that is exactly how a new user will work with his/her new PC.

        Which is why Microsoft should be focusing their efforts shutting off all open ports on a vanilla installation. Just as Ubuntu does right now.

        Once you've connected it and turned it on, the machine should check in and offer to download all the security patches. But it needs to offer to do this PRIOR to any of the ports being opened.

        Clicking "OKAY" (repeatedly) during the initial boot/first use should result in as secure and updated a machine as
      • Except those HP internet ready PC's ship with XP SP2 installed, and automatic updates enabled by default...
        • You'd be surprised at the time stuff can sit 'in channel'.

          Also, I bought one of these puppies about 3 months ago and since I had planned to install Linux on it anyway I just let it sit there for a couple of hours to see how long it would take to get infected and within two hours it was happily sending spam. (I did pull the plug at that point).

          I don't recall the version of XP that was on there, but it still surprised me how quickly it went.

    • Re:Well Duh! (Score:5, Informative)

      by SlartibartfastJunior ( 750516 ) on Monday October 09, 2006 @01:10PM (#16366131)
      it's easy to say "well duh!", but when you have a brand-new out-of-the-box computer, it doesn't exactly come with instructions. My grandmother has no way of knowing she's supposed to be running a firewall, or going to get a Microsoft Security update before doing anything else. WE know these things, because we hang out on Slashdot, but they're not obvious to the rest of the world, and I applaud the BBC for bothering to put this in people's minds. Until the day Microsoft starts shipping Windows with firewalls INSTALLED and ON by default, articles like this will truly be helpful.

      • Re: (Score:2, Informative)

        by Anonymous Coward
        Until the day Microsoft starts shipping Windows with firewalls INSTALLED and ON by default

        Hasn't this been the case since SP2?

        Maybe my copy of windows has been "enhanced" in this regard, but when I reinstall the firewall is installed and on.

      • Re: (Score:3, Informative)

        by d_jedi ( 773213 )
        Any brand new computer sold nowadays (not counting whiteboxes) comes preloaded with at least service pack 2 installed. You are prompted very shortly after taking the machine out of the box (along with other normal setup stuff, like naming your computer, and adding users..) to turn on automatic updates (which is the "recommended" setting).

      • Re: (Score:3, Interesting)

        by ben there... ( 946946 )
        Until the day Microsoft starts shipping Windows with firewalls INSTALLED and ON by default, articles like this will truly be helpful.

        Microsoft should really ship with all IP addresses except update.microsoft.com redirected to localhost, until you complete all critical updates.

        It will never happen, but it should.
    • Comment removed based on user account deletion
    • So we've learned that putting an unprotected windows box on the internet is a bad idea - well duh!

      Yes, the article does state the obvious, but, as most /. posters have already pointed out, your average Joe doesn't know what we regard as obvious.

      My issue with the article is it didn't provide any guidance on countermeasures. A sidebar or follow-up story on basic computer security would be useful. At least in Thursday's issue they will instruct readers on identifying phishing.

      Actually, I noticed this

  • And the moral of the story is. (Score:3, Informative)

    by AltGrendel ( 175092 ) <ag-slashdot.exit0@us> on Monday October 09, 2006 @12:53PM (#16365821) Homepage
    Home firewall/router software is better than nothing, and a small firewall/router hardware combo is probably better than that. Personally I perfer the Lynksys hardware.

    Of course, we all knew this already, didn't we? The results weren't suprising to me and I doubt that any of the regular /. crowd would be either. Yes, I mean you.

    • Re:And the moral of the story is. (Score:4, Insightful)

      by Rob T Firefly ( 844560 ) on Monday October 09, 2006 @12:56PM (#16365879) Homepage Journal
      We're not the target audience. Average home users probably aren't reading /., but they just might be BBC readers. Good "welcome to the real Internet" articles need to get out into the mainstream more, and I don't mean the standard "OMG INTERNETS BE AFARIAD OF PRON AND PEDOS AND ID THIEVES AND VIRUSESES IT GOING TO KILL YOU ALLS" that modern "news" seems to favor.

    • Re: (Score:2)

      by rf0 ( 159958 )
      The biggest issue to the security of the system is the human sat on the chair and clicking boxes they shouldn't and installing slightly dogey software. Of course having a decent level of OS secruity helps but taking what MS is doing in Vista with prompting for virtually everything just seems to get annoying. The best solution would be training people there is no point in hacking etc but of course that will never happen as at some level its either to show that people can hack, or money related with botnets e

    • Re: (Score:3, Insightful)

      by kosmosik ( 654958 )
      Yeah I *love* Linksys routers. Especially the few that pop up in my PDA using "linksys" ESSID without any access restrictions. ;)
    • Home firewall/router software is better than nothing, and a small firewall/router hardware combo is probably better than that. Personally I perfer the Lynksys hardware.

      ah yes... nothing underlines the superiority of Linux better than an XP user having to hide behind a Linux based "Hardware" firewall/router...

      • ah yes... nothing underlines the superiority of Linux better than an XP user having to hide behind a Linux based "Hardware" firewall/router...

        Actually, these days they're not Linux, they're VxWorks -- unless you special-order the "WRT54GL" version, which most people wouldn't do because you can't buy them at BestBuy and they cost more.

  • better question... (Score:3, Interesting)

    by 192939495969798999 ( 58312 ) <info AT devinmoore DOT com> on Monday October 09, 2006 @12:54PM (#16365835) Homepage Journal
    why is there such a thing as an "unprotected windows box"? Isn't this a serious fault of Microsoft that there's even a way to have an "unprotected" system on the internet? Seems to me that the microsoft firewall should be light, nimble and ALWAYS ON.
    • Except that once you purchase/steal software, it is yours. The firewall can be turned off at your liesure.
    • ...light, nimble and ALWAYS ON.

      pick any two.

    • Re: (Score:3, Insightful)

      by Danga ( 307709 )
      Seems to me that the microsoft firewall should be light, nimble and ALWAYS ON.

      I do believe that the default should be for the MS firewall to be on after installation, that would have saved problems for MANY inexperienced users whose windows boxes ended up getting owned within minutes of them connecting them to the internet. The MS firewall definitely seems to be light, nimble, and does a decent job but for users like me who prefer to use a software firewall that is more customizable (I like Kerio Personal

      • Re: (Score:2)

        by LordEd ( 840443 )
        The default since SP2 is for the firewall to be on. If you turn the firewall off, you get warnings to that effect on your system tray.
      • Leaving such a firewall on would have crippled numerous Microsoft demos where you just turned on the box and suddenly had access to lots of network resources. Explaining to sales staff that such demoware is begging for trouble and should be scrubbed to bare metal between uses is often quite difficult: they're reluctant to break what worked last time, even though they've just connected it to a public network at a blackhat conference and are guaranteed to be infested with the latest round of worms and viruses

    • Re: (Score:2)

      by julesh ( 229690 )
      Well, first of all, of course you can switch the firewall off. You have to be able to switch it off, because there is a reason why these exploitable services are network services, and that's because in some situations you might want another machine to connect to them.

      Secondly, the design fault of not activating the firewall by default was fixed with SP2. To have it disabled by default on a new install now, you'd have to be installing from an old disc.

    • Re: (Score:3, Insightful)

      by Blakey Rat ( 99501 )
      The firewall (which is pretty good) is on by default on any computer bought in the last 2 years. And older XP computers typically have a firewall installed (and turned on) by the company that sold it.

      Sure, the user could turn it off, but-- guess what?-- it's THEIR COMPUTER. You can turn off the firewall on your Linux or OS X machine, also. That said, Windows XP SP2 will make your life a pain in the ass if you do run it with no firewall. There are constant system tray messages reading "your system is at

  • Impressing (Score:5, Insightful)

    by ackthpt ( 218170 ) * on Monday October 09, 2006 @12:54PM (#16365843) Homepage Journal

    I set up a friend's new computer and installed a firewall, before attaching to to internet for the first time and he was stunned how fast the log of probes filled up. He'd never used a firewall before on his old XP machine.

    What bugs me is why there doesn't seem to be any decent coordinated effort to track the bots down and shut them down and to go after the perpetrators. Really, it doesn't seem that hard, it just seems like no government is interested in doing anything about it.

    • So you're trying to track down someone who's renting a server in Mongolia who allegedly sits in the Ukraine with a DNS entry made with a DNS provider in Kirgisistan which allegedly belongs to some guy in Turkmenistan.

      Your turn. Lemme give you a hint from experience: Neither of those 4 targets will get you anywhere. Getting legal help in some countries is a matter of faith. Or, rather, it's about as useful as faith in some deity.

      • Re:It IS hard (Score:4, Interesting)

        by bill_kress ( 99356 ) on Monday October 09, 2006 @02:04PM (#16367035)
        He said an coordinated effort. Of course no one person can get anywhere, but if we just decide not to accept this, we start blocking IP ranges, force the ISPs to deal with their spammers and botnets--it wouldn't take long at all to shut down the entire problem (and 60% of the web). Then you just bring up clean PCs one at a time--forward their DNS to a page that can lead you through the process of cleaning out your PC and contains a list of services that will help.

        Subsidize the creation of some decent anti-virus and service companies that can clean your computer remotely (Just don't build one nuke, that should take care of funding it for a few years)

        Of course we can't take these steps proactively, humans are too short-sighted, but we WILL do something like this reactively, It's going to happen--just a matter of time.
    • Aren't many self replicating or functional as an independent entity? I doubt many of these are being launched from an actual location that can be tracked down easily. Much of it is embedding in pages, spy-ware, or something similar online. You ask why there is no action taken against these bots, but the reality is that these bots are everywhere and not in one central location. One instance of a bot probably exists in dozens, if not thousands of locations.

      On the other hand, what would cleaning up the net r

    • Re: (Score:2)

      by AaronW ( 33736 )
      My logs quickly fill up too. A lot of it comes out of asia, China in particular. There's one IP address that is especially bad. Doing a google search had that subnet turn up in a several year old Department of Homeland Security document. I think a lot of countries either don't care or actively encourage it.

  • Yawn... (Score:4, Informative)

    by rsilvergun ( 571051 ) on Monday October 09, 2006 @12:58PM (#16365919)
    this has been done before with WinXP SP1, we already know it's insecure. But you know what? Most home users have firewalls now, if only in the form of a hardware router from their ISP, and any new users are running XP SP2. A simple firewall and a few trips to www.windowsupdate.com takes care of most problems. Now, a better article would point out who Windows Media Player will run any old code as root on your box if you've got "Obtain licenses automatically" checked. I can't believe there isn't more of a sh*t storm over that.

    • Re: (Score:2)

      by baadger ( 764884 )
      > Now, a better article would point out who Windows Media Player will run any old code as root on your box if you've got "Obtain licenses automatically" checked. I can't believe there isn't more of a sh*t storm over that.

      Please elaborate...I haven't read or heard of any recently scares surrounding WMP.
    • Most home users have firewalls now, if only in the form of a hardware router from their ISP,
      What ISP sends you a firewall?
      • Some of them send you software firewalls on the "signup kit" CD, but I don't know of any that will send you a hardware firewall/router, except as part of an occasional special promotion.

        I think that Comcast Broadband's "CD 'o Crap" includes a software firewall on it, ZoneAlarm or similar, but that won't do you much good if your computer is already compromised; I assume most rootkits will just disable a firewall from inside if you install one after you've been attacked. So they're pretty much useless to anyo

    • Re: (Score:2)

      by zaren ( 204877 )
      "Most home users have firewalls now, if only in the form of a hardware router from their ISP..."

      No, they don't.

      I can attest that the three Windows users I know have no such protections. One plugs directly into her cable modem, and the other two still use dialup. No firewall on any of them, and no router.

      Routers and firewalls are still high-end "geek" things, because, after all, my ISP will protect me! That's why I have all this nifty anti-virus software! (Note that my sister's anti-virus software had been e
    • You've apparently never worked in a larage university or corporate environment: the local firewalls are extremely lax, and even if the external firewalls or filtering are robust, there are just too many unmaintained and personal machines, and too many services that are being randomly connected, to rely on any local or departmental firewall for protection.

      The worst are the computer science professors, who think that because you installed updates for them when they bought the machine last year that they are s

  • Their 'unprotected'=flawed (Score:4, Informative)

    by i_should_be_working ( 720372 ) on Monday October 09, 2006 @12:59PM (#16365935)
    So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall. Scared me for a moment.

    I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.
    • "So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall."

      They also mentioned attacks by worms that are irrelevant if you're not running stuff like (for example) an SQL server.

    • Re: (Score:3, Insightful)

      by garcia ( 6573 )
      I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.

      You're obviously confused by the definition of "average home PC". The "average" home PC us
      • You're obviously confused by the concept of posting something that relates in any way to what you're replying to. Who said anything about an "average home PC" or "average" PC user? Not me. I was merely recalling a personal anecdote of how fast an upatched machine can get hit.

    • Re: (Score:3, Insightful)

      by evilviper ( 135110 )

      So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall.

      What part of "The machine was attacked within seconds of being connected to the Internet," did you not understand?

      How quickly can you apply the latest service pack and all the patches to your fresh installation of Windows?

      Over 2 years ago, I was hearing from several people that experienced exactly that... They were incredibly frustrated that their freshly-installed systems were being compro

  • Many of these attacks were by worms such as SQL.Slammer and MS.Blaster both of which first appeared in 2003.

    ...

    The BBC honeypot was a standard PC running Windows XP Pro that was made as secure as possible.

    Wouldn't that include all patches that would specifically protect against Slammer and Blaster? Note, the article says "such as", not "similar to".

    • Re: (Score:3, Informative)

      by Spad ( 470073 )
      The BBC honeypot was a standard PC running Windows XP Pro that was made as secure as possible. This ran a software program called VMWare which allows it to host another "virtual" PC inside the host. Via VMWare we installed an unprotected version of Windows XP Home configured like any domestic PC.

  • Sorry but... (Score:3, Insightful)

    by Maxo-Texas ( 864189 ) on Monday October 09, 2006 @01:01PM (#16365975)
    I have windows XP and a $19 dlink router (and a lynksys before that) and I have had *zero* problems in 24 months.

    So okay- a naked machine may have an issue but this is really a non-issue if you spend an extra 20 bucks for an inexpensive router with a built in firewall.

    • Re: (Score:2)

      by zaren ( 204877 )
      And you're an experienced user who knows what a router is and what to do with a firewall.

      The vast majority of the computer using public isn't you.

      The vast majority just plugs directly into their connection.

      50% of the Internet using public still uses DIALUP.

      It sounds so easy from your end, but it sounds like Klingon from their end.
    • So okay- a naked machine may have an issue but this is really a non-issue if you spend an extra 20 bucks for an inexpensive router with a built in firewall.

      And that's $20 that the average computer user doesn't understand why they should "waste" on a funny box. I mean, they already use one of those surge-strip thingies, doesn't that mean that they're protected?

  • Yes but... (Score:2, Funny)

    by Harin_Teb ( 1005123 )
    Did they pass WGA?
  • This doesn't really show how vulnerable Windows XP really is, it shows how often it is subject to attack. Since all these are (mostly at least) worms and automated attacks, that's not really different from looking at the logs on my Linux boxes, where, for instance, my apache server is quite often "attacked" by a worm looking for IIS vulnerabilities.
    I like to bash MS as much as most people here, but this choice of words really misleading. True, never ever put an unpatched box un the Internet, especially if

    • Re: (Score:2)

      by rs232 ( 849320 )
      "This doesn't really show how vulnerable Windows XP really is, it shows how often it is subject to attack. Since all these are (mostly at least) worms and automated attacks, that's not really different from looking at the logs on my Linux boxes,"

      And where exactly are all these attacks coming from. Where are these worms and viruses hosted. What's different is all the attacks are coming for other compromised Windows boxen. Of course it's totally different, you're not being attacked by Linux boxes.

      "it is

    • Re: (Score:2, Informative)

      by jonadab ( 583620 )
      Yes, I think the reported who wrote up the article didn't fully understand the research that was being done. The point of the research is to look at what kinds of attacks are out there and, especially, which ones are common, as it helps security people to know better how to protect against them. The most important take-home message from this article, as near as I can tell, is don't connect a Windows XP system to the network without SP2. I knew that already (actually, I have a strong preference for an ext

  • Duh (Score:2, Insightful)

    by MeanMF ( 631837 )
    Well...I can guarantee that if you put a Linux or OS X box on the Internet that it would be attacked by exactly the same things. What's the point of this again?

    • Re: (Score:3, Interesting)

      by Macka ( 9388 )

      But the attacks would fail for a number of reasons. First and foremost because the attacks are targeted at Windows not Linux or OS X. Secondly OS X has a very capable built in Firewall thats always on. I can't speak for Linux because that will be up to the person who built it. Though my default Ubuntu 6.06 installation had no firewall enabled at install time, nor any option to configure or enable one before you get onto the internet and download the bits with synaptic.

    • "Well...I can guarantee that if you put a Linux or OS X box on the Internet that it would be attacked by exactly the same things. What's the point of this again?"

      The point is thet the Internet is infested with compromised Windows boxen. Ok, where are all the compromized Linux web servers. Assuming they are running Apache under Linux. According to Netcraft [netcraft.com] Apache usage is at roughly 980,00,000 while IIS is at 490,00,000. Why don't we see an equivalent number of compromised Linux servers.

      Yet another mo

  • Not just Windows (Score:5, Insightful)

    by pavera ( 320634 ) on Monday October 09, 2006 @01:09PM (#16366111) Homepage Journal
    I love linux, but alot of this stuff pretty much pertains to anything on the internet. Do you have a linux box on the public net with SSH open? I gaurantee you are getting more than 1000 attempted logins per day. This article talks about alot of "attempted" attacks, well my linux machines on the net get port scanned at least 10 times a day, any box that has ssh running on the default port is being dictionary attacked pretty much 24/7. Sure the linux boxes aren't being turned into zombies, and I'm not sending out boatloads of spam, but my apache servers get hit with IIS attacks regularly. Putting a box with open ports on the net gaurantees you will be attacked. It doesn't matter if its linux or windows.

    The difference is with windows you will probably get hacked, with linux you at least have a fighting chance.

    • Re:Not just Windows (Score:4, Interesting)

      by julesh ( 229690 ) on Monday October 09, 2006 @01:21PM (#16366283)
      Do you have a linux box on the public net with SSH open?

      Yes.

      I gaurantee you are getting more than 1000 attempted logins per day.

      Uh, no. On the occasional day I get a sustained attempt to guess a username/password combo, and such an attempt may well get up to 1,000 attempts, but in the last 4 days' log (all I keep), I don't see any such attempt. There were a couple of attempts on my FTP server, but it looks like the attacker closed the connection as soon as they saw the welcome banner; scanning for a particular server/version in the connection report, I guess.

    • Re: (Score:2)

      by xlv ( 125699 )
      Do you have a linux box on the public net with SSH open? I gaurantee you are getting more than 1000 attempted logins per day.

      You could install something like DenyHosts on your server. This will cut down the attacks as after 5 failed attempts the IP is banned for a while. At least it will reduce the size of the log file.

  • A Premium of Paying Vicitms (Score:4, Insightful)

    by demo9orgon ( 156675 ) on Monday October 09, 2006 @01:19PM (#16366247) Homepage
    Despite all the Microsoft apologists who will wring their hands and point out that certain things were not done in order to safety the Microsoft honeypot, the genuine service this article demonstrated is that people who turn on their new computer with its Microsoft operating system connected to the Internet are vulnerable to exploits which are automated and exist in abundance, ready to pounce upon current Microsoft operating systems.

    Even if you're a master of Microsoft "anti-ware" solutions and tweaks, what happens when someone who isn't takes a few wrong turns with their OS? It's toast, or worse, enslaved and used as a resource the end-user is paying for.

    I stopped using Microsoft operating systems to directly connect to the Internet nearly 10 years ago, when the sophistication of the exploits had developed to the point where it was no longer safe to use any Microsoft OS online. Since then it really hasn't gotten much better, has it?

    I think it's a shame that the company with the fattest pockets can't be bothered to get it right yet still demands to be on every PC made.
    • couldn't agree more. I mean, step back and look at this situation: it's utterly ridiculous. The trouble is the geneal public are not sophisticated enough to see this as primarily MS's problem brought about by bad design decisions.

  • C'mon, I hate MS but this is FUD (Score:3, Informative)

    by Opportunist ( 166417 ) on Monday October 09, 2006 @01:27PM (#16366385)
    The BBC ain't a computer biz company. They wanted a story. And what's a better (tech) story in the age of phishing and spam than "OMG TROJANS!"?

    Of COURSE you get plastered with portscans and worms hammering against the "well known" ports. That's normal. Welcome to real life on the 'net. You think it's different for my *nix Machine? It's not. My firewall-log is getting flooded with kids and worms trying to find some unprotected ports, trying to connect to 21, 22, 23, 80 and so on, just to see if there's anything running they could use. The real question is, how many successful attacks did happen? Saying XP is insecure because a billion people hammered at its doors is FUD. When a million of those make it in, though, it's a different matter.

    And yes, an unpatched WinXP is insecure. It simply is. Get a router and you're set against 99% of the external problems you may face. But then you still should not use the machine to access anything on the net, because some of the tools you're using (IE and Office being the two key players today) has known (and party unpatched) security issues that may cause execution of code when you're not really careful and know what you're doing.

    In a nutshell, going online with a MS product that's not well firewalled and using anything but alternative software for the access of online resources is grossly negligent IMO.
  • Yeah, there are bots and they keep sniffing. That is not news. How many of these known attacks actually succeeded? If none, it is pretty good. If one, "Redmond, we have a problem". I assume they OS they simulated was the one that gets shipped right now, not some original unpatched pre SP2 WinXP. If it was an old OS that is not being shipped by OEM vendors currently, then the test is bogus. It is anti MSFT FUD. All FUD is bad, whether it is anti-MSFT or anti-Linux.
  • ... that while they call attention to an obvious problem, they don't suggest any solution.
  • I usually am actually behind a Linksys Wireless Firewall/Router. Does that tend to help this kind of problem, or am I being pwned and not realizing it?

    • Re: (Score:3, Informative)

      by Antique Geekmeister ( 740220 )
      It helps a lot: but the firewall itself may be vulnerable. Check it for available updates.

      A lot of Windows machines get zombied pretty fast these days, by fascinating web security vulnerability hacks when the owners go web browsing even for legitimate materials and the hacks are installed on "owned" servers. These zombies then open up a port to designated controller machines on the outside for control by remote entities such as spammers using the machines to send the spam from unblocked netwrks. It's a seri

    • Re: (Score:3, Informative)

      by cr0sh ( 43134 )
      kisrael, I am with 'Geekmeister on this, too - check for updates. The best way to do this is to google " exploit" - so, for your case, you would google "Linksys exploit", and see what returns. I have personally bought three different used NAT routers from Goodwill (each cost under $10.00 used!), and before hooking them up, I checked for exploits (I currently use a homebrew P90 Freesco box) - all of them had an available exploit, and only one of them had an update to correct the exploit. On two of them, the
  • I have to question the blind assertion that this is the average user. Can one even establish a mean (or median) user on a number of different behavioral axes?

    This is a common myth among users and developers alike. I regularly hear "the majority of people aren't going to do that," but it's as silly to base design decisions on what the supposed majority will do in one case as it is to claim to be representative of the "average user" with one system. The BBC uses such vagaries as "However, at least once an

  • Nice Fearmongering (Score:3, Informative)

    by Effugas ( 2378 ) * on Monday October 09, 2006 @01:53PM (#16366867) Homepage
    I saw a great ad for an Antivirus product recently. "Finally, protect your users from the Melissa virus!"

    Dude, it's 2003, they want their security holes back.

    I'm not going to mince words: This story is BS. Lets take the money quote here:


    However, at least once an hour, on average, the BBC honeypot was hit by an attack that could leave an unprotected machine unusable or turn it into a platform for attacking other PCs.


    Really? Once an hour, something that'll remotely own XPSP2, just being leaked out over the Internet?


    "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software."


    OK, Windows Messenger service is disabled in XPSP2...Blaster hasn't worked in years, Slammer never even hit XP Home by default (you had to install Visio), IIS isn't even available for XP Home, and port scans aren't too relevant when you have a firewall on by default.

    What a completely worthless story. You know, we have enough actual security problems going on (the glacier of cross site scripting exploits, what's going on in the online banking realm) that whinging about long solved problems is not only irresponsible; it's dangerous.

Slashdot Top Deals

"Money is the root of all money." -- the moving finger

Close