Security by obscurity — NOT!


As you can see in the posts below, I switched internet service providers on Monday of this week. As a result, I received a different block of IP addresses than I had before.

I have always heard that it only takes a few minutes for an attack to start on a computer – or any other device like phones and tablets – that is newly connected to the Internet. I determined to see how many (not if) script-kiddie attacks via SSH took place on the first full day after the changeover.

During the full day after getting new IP addresses, I experienced a total of 1634 attack attempts from 37 different IP addresses. I obtained this information from the Logwatch tool which I describe in volumes 2 and 3 of my “Using and Administering Linux: Zero to SysAdmin” series of books.
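To show what sits behind those two numbers, here is an added example (not from the original post, and not how Logwatch itself works) that tallies failed SSH password attempts and distinct source addresses from sshd log lines. The sample lines are constructed, and the name `tally_failed_logins` is an assumption of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd lines using documentation-range addresses; not real log data.
SAMPLE_LOG = """\
Mar  5 00:01:12 host sshd[1201]: Invalid user admin from 203.0.113.7 port 40112
Mar  5 00:01:14 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  5 00:02:30 host sshd[1207]: Failed password for root from 198.51.100.23 port 51514 ssh2
Mar  5 00:02:33 host sshd[1207]: Failed password for root from 198.51.100.23 port 51514 ssh2
Mar  5 00:03:01 host sshd[1210]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 40200 ssh2
Mar  5 00:04:45 host sshd[1215]: Accepted publickey for alice from 192.0.2.50 port 50022 ssh2
Mar  5 00:05:10 host CROND[1220]: (root) CMD (run-parts /etc/cron.hourly)
"""

# The username comes from the remote client, so match it greedily and anchor the
# address to the end of the line; a crafted name cannot move the parsed source IP.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def tally_failed_logins(log_text):
    """Return (total failed password attempts, Counter of attempts per source IP)."""
    per_ip = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if not match:
            continue  # "Invalid user", "Accepted", and non-sshd lines are not counted
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # hostname or garbage where an address should be; skip it
        per_ip[str(ip)] += 1
    return sum(per_ip.values()), per_ip


if __name__ == "__main__":
    total, per_ip = tally_failed_logins(SAMPLE_LOG)
    print(f"{total} failed attempts from {len(per_ip)} addresses")
    for ip, count in per_ip.most_common():
        print(f"{count:6d}  {ip}")
```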

The crackers behind these attempts are not just searching for new computers to attack. They assume that there is a computer at every IP address and attack regardless. If there is no computer at one IP address, they move on to the next.

The point is that your computer or device is not safe just because it was connected to the Internet five minutes ago. There are constant attacks going on, and your device needs to be protected before it is connected.

Note that this is only one type of attack. There are many others that I did not even consider in this post.