Cybercrime Risk Rising Sharply |
Post Reply |
Author | |
VulcanB2
Chief Pilot Joined: 02 Apr 2008 Points: 13365 |
Post Options
Thanks(0)
Posted: 31 Jan 2009 at 7:47pm |
http://news.bbc.co.uk/1/hi/business/davos/7862549.stm
If you start regulating what can be connected to the internet and who can access it, the internet as we know it will cease to exist. It can't be limited to just those with $$$ or companies. The problem is they're thinking in the wrong terms all the time. "Oh we must control it it to stop it". No - that isn't required. Take these bot nets for example. If companes employed REAL computer engineers who understood a few things over guys who just push a few buttons, then threats can be restricted significantly. The technology already exists to monitor network traffic. Civil libertarians would argue the big-brother state at this point, but if deployed with the sole intention of nailing specific packets matching data streams of these bot nets, or other solutions that were employed only during times of a problem (like riot police are deployed only to actual riots - you don't see them on the streets all the time), then everyone is happy. There was a trend for a while where links to fake websites would point to non-standard ports (port 81, etc). Well, given that these aren't standard ports that are in use, they stick out a mile in normal internet traffic where the major players are web browsers, e-mail, bit-torrent clients, IRC, etc.. 80 = HTTP (web) 6667 = IRC (internet chat) 25 = SMTP (e-mail) 110 = POP3 (e-mail) 149 = IMAP (e-mail) 53 = DNS (looking up domain names to IP addresses) 1549 = PPTP (corporate VPNs) 500 = ISAKMP, IPSEC (corporate VPNs) 1701 = L2TP (corporate VPNs) 1024-65535 = Other apps such as BitTorrent, network games, etc.. 81 = ???????????????? So as you can see, port 81 for example (that was used fort hosting illegal and fraudulent websites) sticks out a mile in the scheme of things. This traffic would be dead easy to nail and the owner of the affected system can be contacted to let them know of the breach. Once the problem has been dealt with, the measure can be removed and normal service resumed. I personally think that ISPs are still not pro-active enough in preventing cybercrime. I don't think it is right to monitor and log everyones usage on the scale the Government are on about, but tackling real problems in this manner is about the best balance you can get. Spam bots are another thing that can easily be traced. If you're an ISP with predominantly home users, you won't be expecting much e-mail traffic coming OUT of those connections. So if you're seeing lots of SMTP activity coming out of a port, something is clearly wrong, and the registered owner of the connection should be informed that there is a potential problem. Best regards, Vulcan. |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |