[Random-bits] Ted Bridis and Terry Jones on always on and hacking

James Love love@cptech.org
Sat, 22 Jan 2000 22:05:12 -0500 (EST)


These are notes from Ted Bridis and Terry Jones on the always on issue.
Jamie

------------------------
From tbridis@ap.org Sat Jan 22 22:03:45 2000
Date: Sat, 22 Jan 2000 21:26:43 -0500
From: Ted Bridis <tbridis@ap.org>
To: James Love <love@cptech.org>
Subject: Re: [Random-bits] Always on ISPs and Hacking

Jamie,

I've written about this problem before for the AP's national wire, and I
will again. I've had a cable modem from @home in northern Virginia for about
5 months now, and I also highly recommend some type of firewall solution. I
run a $29 software utility on the NT 4 Server that runs my in-home network.
(One of the most interesting benefits is that it tells me -- since it
monitors all inbound *and* outbound traffic -- when any of my software is
surreptitiously "calling home" to the company's corporate servers, which
happens surprisingly often, even with supposedly non-network-aware products,
such as a graphics package).

But I think it may be stretching things when Ed writes, "have noticed that
I'm attacked an average of twice a day by hackers." He probably means his
machine is randomly scanned for possible vulnerabilities that might be
exposed, which is different, I think, than a deliberate "attack by hackers"
that targets a specific IP (like a denial-of-service attack). While there
isn't really any reason for a person to scan your computer's ports, I
suspect Ed may be taking it a little personally (and, besides, there are
benign reasons why you might be receiving what appear to be suspicious
inbound packets. Anybody with a copy of PC Anywhere on your subnet, for
example, will send out a signal to see if anyone else is running PC
Anywhere).

It's also incorrect to say that @home doesn't do anything to protect its
customers. My understanding is that they do filter the SMB port, which means
the problem of your neighbor's computer showing up in your Windows 9x
"Network Neighborhood" doesn't happen (i.e., you also can't map your
neighbor's drives as though he were on your LAN).

If you buy a house and decide not to lock your doors -- or decide against
learning how to operate your home alarm system -- is it really the builder's
fault when you're burglarized? I think users should shoulder a little more
personal responsibility to learn about the ramifications of some of their
decisions (i.e., enabling file & print sharing with one of these "always on"
connections, or binding TCP/IP also to the NIC that runs your internal
network traffic).

Rgds,
Ted Bridis, AP
Washington


<-------------------------------------------------------------->

From terry@jones.tc Sat Jan 22 22:03:48 2000
Date: Sun, 23 Jan 2000 03:52:17 +0100 (CET)
From: terry jones <terry@jones.tc>
Reply-To: tc.jones@jones.tc
To: James Love <love@cptech.org>
Subject: [Random-bits] Always on ISPs and Hacking


The mail about always-on connections is a bit of a red herring.

The always-on part really has nothing to do with the problem, it just
makes those machines into more stable targets.

The problem, which will receive more attention now that detection
software is slowly making its way into the world of the PC, is that
detection software hasn't formerly been widely available or recognized
as being important.

It's trivial for a cracker to scan for the IP addresses in use by an
ISP. A machine at the other end of the line can be attacked regardless
of whether it's always on or on for 5 minutes. That issue is almost
orthogonal to the possibility of attack. It just makes the window of
possibility longer for _that_ machine.

Normal people generally don't realize that when they turn on their
modem and make a PPP connection they are really on the internet.
On the other hand, people who've been using the internet for many
years and administrating machines that are connected to it have long
taken measures to watch for and correct problems. There is an enormous
disparity: both types of machine are equally connected yet one type of
user is (rightly) paranoid and careful, while the other is totally
oblivious.  This disparity will be reduced, but only slowly and
(necessarily) painfully...


Regards,
Terry.