Re: OT -- quality of HDMI cable Vs Wireless?
From: Pat Scopelliti (pscopell [at] stny.rr.com)
Date: Thu, 5 Feb 2015 19:18:22 -0800 (PST)

There are a number of attack methods.

 

Denial of service attacks such as network floods, etc. are not really a concern for private citizens.  You’re not a target of value.

 

One valid attack is the outside folks probing your IP address for entry points.  This is where the plastic box routers help a lot.  Typically you’ll have every port closed except the one or two you actually need.  And even then you would forward traffic on that port to the one server inside your network.  For example, I only allow port 80 access into my network through my Linksys router.  And that traffic goes to a web server on one system.  So, the only entry possible is via one external port to one internal port on one internal system.  This is called port forwarding or port triggering, among other names.

 

So one attack method left is content inside the valid request.  The plastic routers typically do nothing for this.  You would need a modern firewall with packet inspection to handle this.  Services like web servers can have a number of vulnerabilities, especially when they aren’t kept up to current patch levels.   A “properly” formulated request can expose the vulnerability perhaps allowing the external user to transfer files or view unexpected content or even take control of the targeted system.

 

The most dangerous vulnerabilities are known as zero-day exploits.  These are vulnerabilities for which there is no patch (either because no one has designed one yet or no one except a specific few know about it).  The content can be attempts to use syntactically valid traffic to exploit a vulnerability of the web server or whatever other server you have exposed to the internet.  Google “command injection attack” to get a flavor of such vulnerabilities.  Note it’s a scary world out there!

 

So.. what did that Indian guy access?   The only way to determine this is to look through the log of the service he accessed.  Your one log entry was:

"[LAN access from remote] from 117.202.195.89:14815 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:00:42"

 

So what service is using port 26472 on your internal server at IP 192.168.1.3?  The log entry makes it sound like some sort of file-sharing or file access.  That port number does not jump to mind as a well-known one.  Look through the log for other entries from 117.202.195.89.  And look at logs on other systems for that IP address, just in case…  the logs should tell you what the person is trying to do. 

 

One thing I would ask is did you intend for this port to be available to the Internet?  If not, then get on that router and turn off that open door!

 

Of course, you have disabled external access to your router’s management, right?

 

Hope this helps…

 

Pat

 

Pat Scopelliti

pscopell [at] stny.rr.com
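The log review described in the message above, as an added example that is not part of the original thread: it parses router entries in the quoted format, lists every entry from one remote address, and reports internal ports reached from outside that are not on your list of intended forwards. Only the first sample line comes from the thread; the other lines and the intended-forward list (port 80 to 192.168.1.10) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the router log format quoted in the message above.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), \w+, "
    r"(?P<ts>\w{3} \d{2},\d{4} \d{2}:\d{2}:\d{2})"
)

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
[LAN access from remote] from 117.202.195.89:14815 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:00:42
[LAN access from remote] from 117.202.195.89:14902 to 192.168.1.3:26472, Wednesday, Feb 04,2015 05:03:10
[LAN access from remote] from 203.0.113.7:51000 to 192.168.1.10:80, Wednesday, Feb 04,2015 06:15:00
[DHCP IP: 192.168.1.5] to MAC address 00:00:5e:00:53:01, Wednesday, Feb 04,2015 07:00:00
[LAN access from remote] from 198.51.100.23:40211 to 192.168.1.3:26472, Thursday, Feb 05,2015 01:20:33
"""

def parse(log_text):
    """Yield (timestamp, remote_ip, internal_ip, internal_port) per inbound entry."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # other event types (DHCP, admin login, ...) are skipped
            ts = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def entries_from(log_text, remote_ip):
    """All inbound connections from one remote address, oldest first."""
    return sorted(e for e in parse(log_text) if e[1] == remote_ip)

def unintended_exposure(log_text, intended):
    """Map each reached (internal_ip, port) not in `intended` to its remote IPs."""
    exposed = defaultdict(set)
    for _, src, dst, dport in parse(log_text):
        if (dst, dport) not in intended:
            exposed[(dst, dport)].add(src)
    return dict(exposed)

if __name__ == "__main__":
    # Assumption: the only forward you meant to have is port 80 to 192.168.1.10.
    intended = {("192.168.1.10", 80)}
    for entry in entries_from(SAMPLE_LOG, "117.202.195.89"):
        print(entry)
    for target, sources in unintended_exposure(SAMPLE_LOG, intended).items():
        print(target, "reached by", sorted(sources))
```

Any (address, port) pair this reports is a forward to close on the router or a service to identify on that host.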

From: Ferrari [mailto:ferrari-bounces+pscopell=stny.rr.com [at] ferrarilist.com] On Behalf Of Rick Moseley
Sent: Thursday, February 05, 2015 3:02 PM
To: Pat Scopelliti
Cc: The FerrariList
Subject: Re: [Ferrari] OT -- quality of HDMI cable Vs Wireless?

 

Plastic box routers... store bought routers, DO provide some rudimentary protection.  But at best its security is good for the day it's made but the dickheads of the world are always looking for ways to exploit you.   The problem is most of the techno-geeks that wrote the RFCs for the internet (now I'm dating myself) put in a lot of great things that allow you to do all sorts of cool things.  Then the dickheads who would rather steal than create found ways to use those cool things against their owners.  It's the way of the world, sadly. The more holes get plugged, the more holes they find/drill.  To truly stay ahead of the game you need some sort of IDS/IPS system that updates emerging threats hourly... yes, HOURLY.   Big corporations spend millions and have really bright boys working for their online security departments and they still get hacked...  So, the internet is a thorny place, take your chances.   Honestly, I can't think of any legitimate reason a system in India needs to access a device on your system...

 

That said, keep your router firmware up to date. (most of the time they just make it work better but every now and then they update an exploit too...  ssh heartbleed for example).   What was your device at .3??  If it's a PC, have someone experienced look at your logs.  If it's a camera, segment it off your primary network.  Run your system through a VPN.  Don't go to porn sites.  Put your gaming PCs/boxes on a different segment.  Don't participate in social media...   the list goes on and on.

 

I do have lifelock but when my credit card got hacked last year, the bank was on it long before Lifelock.  I had to call Lifelock to report the compromised card.

 

Really want protection...  unplug it from the network.

 


From: LarryT <l02turner [at] comcast.net>
To: Rick Moseley <ramosel [at] pacbell.net>
Cc: The FerrariList <ferrari [at] ferrarilist.com>
Sent: Thursday, February 5, 2015 11:18 AM
Subject: Re: [Ferrari] OT -- quality of HDMI cable Vs Wireless?

 

Sorry - that was a dumb question ..  better I ask "can I tell where he went and if he copied anything?"

On 2/5/2015 2:11 PM, LarryT wrote:

Thx Pat (& others)
    I assume there's no way to know if their intent was legitimate?   Another couple of questions - I recall being told a router provided a certain level of protection?   Looks like that's not correct.    Also - it looks like Norton is falling down on the job!

What protection is best?  Should I have  LifeLock?  I don't have much but I don't want to be robbed...

 
