
Cybercrime Risk Rising Sharply

VulcanB2
Chief Pilot

Joined: 02 Apr 2008
Points: 13365
    Posted: 31 Jan 2009 at 7:47pm
http://news.bbc.co.uk/1/hi/business/davos/7862549.stm

If you start regulating what can be connected to the internet and who can access it, the internet as we know it will cease to exist. It can't be limited to just those with $$$ or companies.

The problem is they're thinking in the wrong terms all the time. "Oh we must control it to stop it". No - that isn't required.

Take these bot nets for example. If companies employed REAL computer engineers who understood a few things over guys who just push a few buttons, then threats can be restricted significantly.

The technology already exists to monitor network traffic. Civil libertarians would argue the big-brother state at this point, but if deployed with the sole intention of nailing specific packets matching data streams of these bot nets, or other solutions that were employed only during times of a problem (like riot police are deployed only to actual riots - you don't see them on the streets all the time), then everyone is happy.

There was a trend for a while where links to fake websites would point to non-standard ports (port 81, etc). Well, given that these aren't standard ports that are in use, they stick out a mile in normal internet traffic where the major players are web browsers, e-mail, bit-torrent clients, IRC, etc.

80 = HTTP (web)
6667 = IRC (internet chat)
25 = SMTP (e-mail)
110 = POP3 (e-mail)
149 = IMAP (e-mail)
53 = DNS (looking up domain names to IP addresses)
1549 = PPTP (corporate VPNs)
500 = ISAKMP, IPSEC (corporate VPNs)
1701 = L2TP (corporate VPNs)
1024-65535 = Other apps such as BitTorrent, network games, etc.
81 = ????????????????

So as you can see, port 81 for example (that was used for hosting illegal and fraudulent websites) sticks out a mile in the scheme of things. This traffic would be dead easy to nail and the owner of the affected system can be contacted to let them know of the breach.

Once the problem has been dealt with, the measure can be removed and normal service resumed.

I personally think that ISPs are still not pro-active enough in preventing cybercrime. I don't think it is right to monitor and log everyone's usage on the scale the Government are on about, but tackling real problems in this manner is about the best balance you can get.

Spam bots are another thing that can easily be traced. If you're an ISP with predominantly home users, you won't be expecting much e-mail traffic coming OUT of those connections. So if you're seeing lots of SMTP activity coming out of a port, something is clearly wrong, and the registered owner of the connection should be informed that there is a potential problem.

Best regards,
Vulcan.
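
The two checks described in the post above (a subscriber line serving traffic on an unexpected low port such as 81, and a home connection sending SMTP to many mail servers), sketched as an added example that is not part of the original post. The subscriber prefix, the expected-port set (IANA-registered numbers), the fan-out threshold and the flow records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions of this example: the ISP's subscriber range (a documentation prefix),
# the set of expected well-known ports (IANA numbers), and the fan-out threshold.
SUBSCRIBERS = ipaddress.ip_network("198.51.100.0/24")
EXPECTED_PORTS = {25, 53, 80, 110, 143, 443, 500, 1701, 1723, 6667}
SMTP_FANOUT_LIMIT = 5  # distinct mail servers per window tolerated for a home line

# Constructed flow records for one time window: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("198.51.100.10", "203.0.113.5", 80),      # ordinary browsing
    ("198.51.100.10", "203.0.113.9", 25),      # one mail server: normal
    ("198.51.100.10", "203.0.113.5", 51413),   # high port: other apps, ignored
    ("192.0.2.44", "198.51.100.23", 81),       # inbound to a subscriber on port 81
    ("192.0.2.45", "198.51.100.23", 81),
] + [("198.51.100.77", f"203.0.113.{n}", 25) for n in range(101, 109)]  # 8 servers


def is_subscriber(ip):
    return ipaddress.ip_address(ip) in SUBSCRIBERS


def analyse(flows, fanout_limit=SMTP_FANOUT_LIMIT):
    """Return {subscriber_ip: [reason, ...]} for lines worth a notification."""
    odd_listeners = defaultdict(set)   # subscriber -> unexpected low ports served
    smtp_peers = defaultdict(set)      # subscriber -> distinct SMTP destinations
    for src, dst, dport in flows:
        if is_subscriber(dst) and dport < 1024 and dport not in EXPECTED_PORTS:
            odd_listeners[dst].add(dport)
        if is_subscriber(src) and dport == 25:
            smtp_peers[src].add(dst)

    findings = defaultdict(list)
    for sub, ports in odd_listeners.items():
        findings[sub].append(f"serving unexpected port(s) {sorted(ports)}")
    for sub, peers in smtp_peers.items():
        if len(peers) > fanout_limit:
            findings[sub].append(f"SMTP to {len(peers)} distinct servers")
    return dict(findings)


if __name__ == "__main__":
    for sub, reasons in sorted(analyse(SAMPLE_FLOWS).items()):
        print(sub, "->", "; ".join(reasons))
```

Only the flow tuple (addresses and destination port) is examined, never packet contents, and the output is a list of subscriber lines to notify rather than a usage log.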