
Re: hacker tracking



On Mon, 19 Jun 2017 08:00:30 -0700
Mike McClain <mike.junk.46@att.net> wrote:

> On Sun, Jun 18, 2017 at 08:05:41PM -0500, John Hasler wrote:
> > The hits are coming from bots running on cracked computers.  The
> > botnet operators control them through several layers of indirection.
> >
> > I suspect that a majority of the Windows boxes in the world may be
> > under the control of botnets.
> > --
> > John Hasler
> > jhasler@newsguy.com
> > Elmwood, WI USA  
> 
> Hi John,
>     If I understand correctly you're saying that for someone with my
> limited knowledge and abilities, this is an exercise in futility since
> most IP addresses I collect will not be those of hackers but rather
> of those already hacked.

I don't think your abilities matter; nobody can look at an IP address
and divine the real origin of the problem. Almost all (you should hope
'all') of these probes will be coming from dumb software running on the
hacked machines, and occasionally reporting back to base.

>     Since you've brought that idea to my attention it makes sense to
> me but is somewhat depressing.

But even a basic firewall will keep out the rubbish. As long as you're
not a high-profile target, you can expect not to come to the attention
of any real hackers.

I used to keep a log of this stuff, with a simple script to count the
port accesses per day, just out of curiosity. A sudden increase in
connections to a port usually meant a new vulnerability found in one of
the applications which used it. But my current router seems to have no
logging and definitely no syslog ability, so I haven't been doing it
for a while.

On the whole, unwanted visitors are invited in these days, with offers
or appeals to human wants. Also, poorly defended web servers can have
dangerous links embedded in the pages. And more recently, the Internet
of Things has been spreading rudimentary web servers with poor security
all around the world... just stay alert.

-- 
Joe
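
The per-day port count mentioned in the message above, sketched as an added example that is not part of the original post or the author's script. It assumes firewall drops are logged in the netfilter LOG syslog layout; the function names, the spike thresholds and the sample log are all constructed for illustration.

```python
import re
from collections import Counter

# Assumed input: netfilter LOG lines as written to syslog. The post does not
# name a firewall or log format, so this layout is an assumption.
LOG_RE = re.compile(r"^(\w{3}\s+\d+)\s.*?\bPROTO=(\w+)\b.*?\bDPT=(\d+)\b")

def count_port_hits(lines):
    """Return {day: Counter({(proto, dport): hits})}, days in log order."""
    daily = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:                            # e.g. ICMP entries have no DPT
            continue
        day = " ".join(m.group(1).split())   # "Jun  9" -> "Jun 9"
        daily.setdefault(day, Counter())[(m.group(2), int(m.group(3)))] += 1
    return daily

def find_spikes(daily, factor=3.0, min_hits=10):
    """Flag ports whose count is >= factor x their mean over earlier days."""
    spikes, days = [], list(daily)
    for i, day in enumerate(days[1:], start=1):
        for key, hits in daily[day].items():
            # Counter returns 0 for ports never seen on an earlier day.
            baseline = sum(daily[d][key] for d in days[:i]) / i
            if hits >= min_hits and hits >= factor * max(baseline, 1.0):
                spikes.append((day, key[0], key[1], hits, round(baseline, 2)))
    return spikes

def sample_log():
    """Constructed sample: four days of dropped probes, documentation IPs."""
    per_day = {16: {23: 3, 22: 5, 445: 1}, 17: {23: 4, 22: 5, 445: 1},
               18: {23: 3, 22: 6, 445: 2}, 19: {23: 3, 22: 5, 445: 20}}
    lines = []
    for day, ports in per_day.items():
        lines.append(f"Jun {day} 08:00:01 gw kernel: FW-DROP: IN=eth0 OUT= "
                     "SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0")
        for dpt, n in ports.items():
            for i in range(n):
                lines.append(
                    f"Jun {day} 08:00:30 gw kernel: FW-DROP: IN=eth0 OUT= "
                    f"SRC=203.0.113.{i + 1} DST=192.0.2.10 LEN=40 TTL=240 "
                    f"PROTO=TCP SPT=43210 DPT={dpt} SYN")
    return lines

if __name__ == "__main__":
    for day, proto, port, hits, base in find_spikes(count_port_hits(sample_log())):
        print(f"{day}: {proto}/{port} {hits} hits (earlier mean {base})")
```

Syslog timestamps carry no year, so days are kept in the order they appear in the file; feed it one log at a time in chronological order.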

