Security vs hacking

[rjkfsm]

Hi all,

First of all I'd like to say that I am new to this forum so, Hello all.

I have had broadband for quite a while and have run Snort in IDS mode in front of my firewall for almost as long. I run it in front so that any attacks will get logged before they even hit the firewall.

When I first started hosting a small site on my home network, I used IIS and got hit with several attacks designed to bring down IIS. One of them suceeded and the attacker got access to my web directories (but not the whole PC) and defaced my website.

I then switched to Abyss and have watched the attack attempts dwindle down and then change methods and pick back up again. "They" no longer use IIS specific attacks, but use the more generic buffer overruns, SYN flooding, Oversized URI Directory requests and bare byte Unicode encoding attacks. I am now getting probed or attacked several times a day. The number of source IP's is about a half dozen. One recent example (11/30) was when I got 1,770 TCP connect (SYN) requests per second for over ten minutes.

My questions are:
1) Has anyone else been hit like this? (Is this normal?)
2) How secure is Abyss? (Should I just move to a commercial server?)
3) Should I report these people to their ISP?

RK

[TRUSTAbyss]

[admin]

rjkfsm,

Welcome to the forum. Abyss has proven to be more secure. All long URL/buffer overrun tricks doesn't work with it.
In version 2 (see 2.0 Beta section in this forum), we have added an antihacking feature. In addition to the intrinsic secure way of handling data and request coming from your visitor, the antohacking system will monitor every visitor and if it is believed that it attacking the server, it will be dynamically banned. So your bandwith and computing resources are saved from long attacks.

[senshi]

I would also add that if your hosting, you should have atleat a network device other than your modem like a router/port switch as your frontline defence, that way the attacker cant flood your ports and attack your web port because all the other packets will be blocked at the router IF the port thats being attacked is not open, if the port is open, the person can attack your system, the machine thats behind the port is what gets attacked so it is important to run a software firewall to protect the machine from all the crap thats the router forwards regardless of it being invalid or valid traffic.

I am behind a route and a stealthed firewall and my IPS stuffs me behind a proxy too yet IM able to serve up effortlessly, it is a common mistake that people assume that you cant run services with a firewall, well yes you can, all it takes is to use the right software and CONFIGURE IT, thats the clue and main key.

as for attacks, even though IM behind a router which I estimate is easily consuming 80% of the web nasties based on logs prior to install of router, so far I have logged...

121,285 blocked access attempts since Steptember through to 09:40am GMT 07/01/2005. if that figure represents about 20% then the actual figure at the router must be in excess of 500,000 bad hits.

As to your question, running any server will attract unwelcome attention, mainly from spotty 13 & 14 year olds who think its a wheeze to destroy your PC that you paid allot of money for, something that junior didnt have to do because daddy bough dickless a fat PC.

I will say this, never DOUBLE FIREWALL on the local machine, this causes security issues, people mistakenly running more than one of the same tyrp of service will cause system conflicts because you have TWO of the same type of program fighting over the same resources, if thats a firewall then your only helping the hacker not protecting yourself.

FYI, your firewall has a logging system and it will register everything, so running a bit of software to log all traffic is not a good idea.

Lastly, your existing set up, what software are you running to protect your system? Ad admin says, Abyss is a though bird to kill and you should be more concerned with making your PC water tight security wise.

I will say this for nowt, IM an EX - NORTON user, for very good reason, if you do want to use it, I suggest you look at others first and if you still persist in using nortons stuff, its on your head, any net admin or net engineer worth his salt will tell you the same, in buisness critcal builds, they wont touch nortons stuff because it has a bad track record despite all the marketing glitz that they pour into washing over the fact with slick advertising.

I have actually found that allot of software thats brillant is not only NOT ADVERTISED but also FREE!, Abyss included.