back to article Old Windows exploits dominate hack attack traffic

China and US are the leading sources of hacking attacks, which are overwhelmingly targeted against Windows systems. According to a new study by content distribution firm Akamai the two countries accounted for 30 per cent of attack traffic during the first quarter of 2008. Around 17 per cent of denial of service and exploit …

COMMENTS

This topic is closed for new posts.
  1. Rich Silver badge

    If it's that easy...

    If so many attacks are apparently so simple - ie - attacking ports 135 (30%), 139 and 22 - (12%), then why aren't more people simply closing off these ports at their firewalls?

    I can accept that for ports 135 and 139, in many cases, these will be attacks on machines at home and the poor victim won't know one end of an ethernet cable from the other (actually, they're the same... ok - bad analogy), but I would think that most people using SSH know a bit about what they are doing and so ought to be on top of this problem.

    Maybe there ought to be a standard whereby internet router manufacturers pre-set their equipment with default firewall rules to block these very common ports on the basis that if you DO want these ports open, you probably know what you are doing anyway and can open them up again.

    Most people only need outgoing ports TCP 25, 80, 110 (I think that's POP, no?), 143 (IMAP, or 993 - IMAPS), 443, and UDP 53 plus a few other ports for the pirated-software-and-music-distribution-protocol software of your choice. Everything else can be closed off, most people wouldn't see the difference, and for the most part, it would save an awful lot of grief.

  2. Steven
    Coat

    Old Windows "XP" exploits dominate hack attack traffic.

    Shouldn't that read:

    'Old Windows "XP" exploits dominate hack attack traffic'

    As patched vulnerabilities from XP in theory wouldn't be present in Vista...

    Don't start the Mac and Linux boys on another were more secure than you rant.

    Old OS's that people don't bother to update deserve to get targeted IMO they may as well paint a target on their backs.

  3. brainwrong

    Old systems

    So it's got nothing to do with people running old software that's no longer supported or updated, either because they have old hardware or because they see no point in upgrading to bigger bloatware???

  4. Chris Miller

    No shit, Sherlock

    So the greatest volume of attack traffic (i.e. the greatest number of infected systems) comes from those countries with the greatest number of Internet users. Whodathunkit?

    A comparison on a country by country basis of the ratio of attack traffic to the number of IP addresses might tell us something interesting.

  5. Anonymous Coward
    Anonymous Coward

    @Rich

    "Most people only need outgoing ports TCP 25, 80, 110....."

    I think you're getting confused. These are the ports you connect to on a server, not the local source ports.

  6. Nexox Enigma

    @Steven

    """Shouldn't that read:

    'Old Windows "XP" exploits dominate hack attack traffic'"""

    Actually I believe that lots of the attacks still target Windows 2000 as well. I've seen plenty of Nimda and CodeRed scans lately, and an unpatched 2000 machine connected directly to the net without any firewall will last about 4 seconds before complete destruction sets in. The problem is updates, not the Windows version.

    Wonder how many of those SSH scans were aimed at that Debian ssl flaw... In any case - use damned strong passwords, and disable root ssh access, otherwise you're just asking to get owned (if you need SSH access to world+dog, anyway, otherwise firewall it.)

  7. foo_bar_baz

    ssh

    Do not use password auth at all, use public key authentication.

  8. Maty

    US and China eh?

    Wouldn't have anything to do with the one having most computers per head, and the other having a huuuuge population catching up fast on computers per capita? Let's guess, San Marino and Andorra are not threats to the world internet infrastructure?

    I've noticed things fall downward in the presence of gravity. Where can I publish?

  9. Ken Lord
    Jobs Horns

    Everyone Missed the point.

    The real (and unmentioned) point of this article is that there have been no new significant exploits for Windows in a few years that can be taken advantage of in massive numbers like in 'the good ole days'.

    In other words ... Windows has become more secure, A properly patched and properly used XP computer is not at much risk, and a Vista computer is absolutely more secure than an XP or older Windows computer, at least until some new vulnerability is exposed.

    As for the people worried about Bloat ... come out of your dark corners, spend two seconds looking at the prices and sizes of current hard drives and give yourselves a smack. Then look at the capabilities of current hardware compared to the power actually needed for your websurfing and emailing habits ... and smack yourself again, why not use some of that wasted power?

    ... Meanwhile in Linux Land, 128 bit security certificates created in the last 2 years on Debian and Ubuntu systems have been revealed to only be useless 16 bit certificates, that have rendered insecure potentially millions of systems, linux or otherwise, that use the certificates ... How many millions will be spent by IT departments everywhere weeding out the bad certificates? Thanks Linux Land!

  10. Anonymous Coward
    Jobs Horns

    @Missing the Point.

    Sorry Steve, the reason people use old exploits is because no one is using Vista, which is no more secure than any other version of Windoze. They are not really happy with your seven year old OS but you keep scaring them away from Linux.

  11. Jim
    IT Angle

    @ Rich

    I think you missed TCP/UDP 123, very useful if you like your clock to stay pretty accurate.

    @AC @Rich

    "I think you're getting confused. These are the ports you connect to on a server, not the local source ports."

    I think when Rich said "outgoing ports ..." he meant "outgoing connections to ports ..."

  12. Alfazed
    Happy

    Talk about missing the point

    The company revealing this ground breaking news can certainly be described as a content provider.

    In fact it is so prolific in serving ads that it has several hundred domains listed in my hosts file (copied from my old uni's system - thankfully), and that's how it stays.

    So be careful IF registering for this little tit bit.

    ALF

  13. Anonymous Coward
    Anonymous Coward

    "looking at ... sizes of current hard drives"

    Then look at the prices and sizes of backup devices and media.

    A PC needs more than a recovery partition, especially if its OS is Windoze.

    Affordable backup devices have hardly moved on since the writable DVD hit the consumer market, but if you get a virus infestation, how are you going to recover a known good copy of 200GB+ of the OS and data ? Even HD-DVD and/or Blu-Ray don't really cut it.

  14. Steve Evans

    @Rich

    I think you're a little confused. I can't think of any home router that routes anything inwards by default.

    The only way data is allowed in from the internet to your home PC is when you have initiated the connection yourself from the PC, then the router knows to let a reply come back through. When you drop the connection to that port the router clears the entry and you're closed off again.

    I think the big problem is people who are not behind a NAT router, but actually have the public IP on their machine, i.e. dialup modem, USB broadband adapter. Plus of course those who don't bother with even free antivirus and execute any old attachment they receive in email or IM, no amount of firewall will safe you from basic stupidity.

  15. Stephen Stagg

    @ foo_bar_baz

    That's assuming that the PKI keys are secure. The recent debian fiasco with insecure keys proves that this is not always the case.

  16. Anonymous Coward
    Alert

    ignorance may be an excuse

    This very subject arose on my home pc (on at all times, higher speed internet- things do catch up like the bigger computers out there). Upon analyzing packets never ending, for no reason...it was indeed ports associated with worms doing what worms do...they seek other computers. May not even be a malicious attacks by the computer owners, but they could be victims themselves and don't know it. Another big attacker for home users..."game server" ports that don't stop after you do. I had one go on and on for DAYS. If I was a bit more prejudice and stupid, I'd be yelling "ddos attack!" and whipping out the linux of paranoia cd like it was 1998 all over again.

  17. Steven
    Boffin

    @ AC

    "Then look at the prices and sizes of backup devices and media.

    A PC needs more than a recovery partition, especially if its OS is Windoze"

    Erm just buy another 200GB drive for backup???

  18. Pascal Monett Silver badge

    @Steve Evans

    You are perfectly right - not many people have a proper router with a hardware firewall.

    I have had one for the past six years, and I know nothing of infections or even scans. I don't exist on the net - not until I go and request a page.

    I have six or seven friends with which I regularly converse electronically - but the only ones that have a router/firewall are the ones who work in the IT business.

    The others, with little IT knowledge and just enough Windows know-how to get them by during the day, have software firewall, anti-virus and anti-spam apps because I insisted they should.

    So yes, I totally believe that most home users have insufficient protection. They are simply not aware neither of the dangers, nor of the solutions.

  19. Jeff
    Thumb Down

    Bloat

    Ah, the usual assertion that more RAM, more storage and more CPU power gives Microsoft a license to bloat. You obviously forget that disk seek times and transfer rates have been rising at a minimal rate compared to silicon, which nullifies that argument completely when an app isn't cached in RAM.

This topic is closed for new posts.

Other stories you might like