A Day in the Life of...

The state of IT Security is rather dismal. Attacks on vulnerable services that worked 10 years ago still work today despite the fact that operating systems have been hardened, and firewalls and intrusion detection and prevention systems (IDS/IPS) are in place. What really makes me mad though is the lack of available information. I purchased a book called Network Security Assessment. While it's a useful reference to have, it is obsolete and incomplete in sections. How do I know this? I have been running honeypots. I discovered that the malicious elements are using a tool called UnixCod to brute force SSH connections. I have only found one review of this "password auditing tool". To say that it is a password auditing tool is being generous. UnixCod is a fast network scanner that finds systems running the SSH service and tries to exploit them with a brute force dictionary attack of common usernames and passwords that has been around since 2005. You'd think a book written in 2008 would mention such a tool, but it doesn't. In fact, this tool can scan 64,516 hosts in 9 minutes flat and then attack the ones only running SSH. Maybe this is a slow tool by state of the art standards, but I was impressed. This highlights a growing problem with IT Security in general, the lack of distributive knowledge bases. The people who are supposed to protect the networks are months, if not years behind, in knowing what the people attacking them are up to. There is not enough knowledge sharing within the community, and it only hurts the defenders. To add insult to injury, why does my ISP allow brute force ssh and VOIP attacks on my systems from overseas? Obviously my ISP doesn't care if I get hacked and lose money, but my bank might. It would be rather trivial to drop packets from overseas IP addresses that are being malicious and running such tools to protect one's customers, that is what IDS/IPS systems are designed to do, I guess that the major ISPs just don't care with the exception of Comcast.

Labels: IT Security IT Insecurity UnixCod brute SSH attacks