Breaking Things: When Hackers Attack

Had an interesting evening here on the farm. As I’ve mentioned before, we stream our goats on 24/7, and as part of that, we have a single odd port inbound to an embedded server so our viewers can control our cameras, changing them as they wish.

Tuesday evening, after 10 pm local time, in keeping with our own advice about keeping your router firmware up to date, we updated ours. We have Verizon Fios on the Internet side of our network, and a second WiFi router daisy-chained to the Fios modem for our internal farm network.

After flashing the new firmware into both, I began to restore my very strict firewall settings (you do use one, I hope!), but as fast as I could get the Fios modem rebooted, someone from China was getting in and taking control of it. It was a cat-and-mouse game until I finally won, getting the modem booted up and the remote administration and ping reply turned off before he could get in again.

Continuing my firewall setup, I opened the single obscure port to my embedded camera controller. The controller is password protected, and automatically blocks the IP address of anyone using the wrong user name and password, forever! So yes, they can port scan and find the server, but they only get one chance to log in before they are blocked.
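
The one-strike lockout described above, sketched as an added example (not the camera controller's actual code): the class name, credentials, exempt network and sample addresses are all constructed assumptions. It checks the block list before the credentials, so a blocked address gets no second guess even with the right password.

```python
import hmac
import ipaddress


class OneStrikeGate:
    """Hypothetical login gate: one wrong login blocks the source IP for good."""

    def __init__(self, user, password, never_block=()):
        self._user = user.encode()
        self._password = password.encode()
        # Assumption: networks exempt from blocking (e.g. the owner's own LAN),
        # so a typo at home does not lock the owner out permanently.
        self._never_block = [ipaddress.ip_network(n) for n in never_block]
        self.blocked = set()

    def attempt(self, src, user, password):
        ip = ipaddress.ip_address(src)
        # Block list is checked first: a blocked address never reaches the
        # credential comparison, even with the correct password.
        if ip in self.blocked:
            return "blocked"
        # Constant-time comparison avoids leaking how much of a guess matched.
        user_ok = hmac.compare_digest(user.encode(), self._user)
        pass_ok = hmac.compare_digest(password.encode(), self._password)
        if user_ok and pass_ok:
            return "ok"
        if not any(ip in net for net in self._never_block):
            self.blocked.add(ip)  # never expires
        return "denied"


# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE_EVENTS = [
    ("203.0.113.7", "admin", "admin"),
    ("203.0.113.7", "farmer", "correct-horse"),
    ("198.51.100.20", "farmer", "correct-horse"),
    ("192.168.1.50", "farmer", "typo"),
    ("192.168.1.50", "farmer", "correct-horse"),
]


def replay(events):
    gate = OneStrikeGate("farmer", "correct-horse", never_block=["192.168.1.0/24"])
    return [gate.attempt(*e) for e in events], gate.blocked


if __name__ == "__main__":
    results, blocked = replay(SAMPLE_EVENTS)
    for event, result in zip(SAMPLE_EVENTS, results):
        print(event[0], result)
```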

One Chinese hacker spent hours port scanning my home IP address, trying to find a vulnerability.

I finally got tired of it, and started port scanning HIM! It was amazing how fast he stopped once he noticed me doing the same to him.

There is a handy web site that I use to see where attacks are coming from, and it’s worth bookmarking for your own use. It’s called:

[Image: web site result of hostile IP address]

Point is, if you are not using the firewall available from your internet service provider, your personal router, and even your individual computers, you should be.

Go check now, configure the hardware and install your Linux firewall software too!