Slashdot Mirror


The BBC's Honeypot PC

Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.

16 of 344 comments

  1. Well Duh! by fluffy99 · · Score: 3, Insightful

    So we've learned that putting an unprotected windows box on the internet is a bad idea - well duh! It probably doesn't help that they didn't bother with any updates, or turning on the firewall.

    1. Re:Well Duh! by Anonymous Coward · · Score: 4, Insightful

      The thing is, users do this EVERY DAY. So it is an important exercise. People here on Slashdot may know how to keep themselves protected, but I talk to Windows users ALL THE TIME who have their computer sitting on a broadband connection with no idea how to protect it (no hardware firewall, no spyware protection, whatever virus protection was bundled with the machine [but likely not updated with the latest signatures]).

      It's still a HUGE problem. So, maybe it's a no-brainer for you, but it isn't for the average user.

    2. Re:Well Duh! by jacquesm · · Score: 5, Insightful

      The BBC is not exactly known for being beginners at IT, they're the people that brought a lot of us (including me) into the age of personal computing with their BBC Micro Computer.

      The thing they've tried to do here is to accurately simulate what the average home user will do, and see what the consequences would be.

      It's like a 17 year old nude virgin visiting the Oktoberfest and expecting to come away 'unscathed', I give you that much. But anybody that buys one of those HP internet ready PCs with XP pre-installed that goes home and plugs in his / her machine is doing the exact same thing.

      The instructions even tell you to connect all that stuff *before* switching on in simple-to-use IKEA style no words diagrams. Don't be too quick to judge the beeb, they're pretty good at what they do.

    3. Re:Well Duh! by SlartibartfastJunior · · Score: 5, Informative

      It's easy to say "well duh!", but when you have a brand-new out-of-the-box computer, it doesn't exactly come with instructions. My grandmother has no way of knowing she's supposed to be running a firewall, or going to get a Microsoft Security update before doing anything else. WE know these things, because we hang out on Slashdot, but they're not obvious to the rest of the world, and I applaud the BBC for bothering to put this in people's minds. Until the day Microsoft starts shipping Windows with firewalls INSTALLED and ON by default, articles like this will truly be helpful.

  2. Impressing by ackthpt · · Score: 5, Insightful

    I set up a friend's new computer and installed a firewall before attaching it to the internet for the first time, and he was stunned how fast the log of probes filled up. He'd never used a firewall before on his old XP machine.

    What bugs me is why there doesn't seem to be any decent coordinated effort to track the bots down and shut them down and to go after the perpetrators. Really, it doesn't seem that hard, it just seems like no government is interested in doing anything about it.

    --

    A feeling of having made the same mistake before: Deja Foobar
  3. Re:And the moral of the story is. by Rob T Firefly · · Score: 3, Insightful

    We're not the target audience. Average home users probably aren't reading /., but they just might be BBC readers. Good "welcome to the real Internet" articles need to get out into the mainstream more, and I don't mean the standard "OMG INTERNETS BE AFARIAD OF PRON AND PEDOS AND ID THIEVES AND VIRUSESES IT GOING TO KILL YOU ALLS" that modern "news" seems to favor.

  4. Yawn... by rsilvergun · · Score: 3, Informative

    This has been done before with WinXP SP1, we already know it's insecure. But you know what? Most home users have firewalls now, if only in the form of a hardware router from their ISP, and any new users are running XP SP2. A simple firewall and a few trips to www.windowsupdate.com takes care of most problems. Now, a better article would point out how Windows Media Player will run any old code as root on your box if you've got "Obtain licenses automatically" checked. I can't believe there isn't more of a sh*t storm over that.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  5. Their 'unprotected'=flawed by i_should_be_working · · Score: 3, Informative

    So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall. Scared me for a moment.

    I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.

  6. Not just Windows by pavera · · Score: 4, Insightful

    I love linux, but a lot of this stuff pretty much pertains to anything on the internet. Do you have a linux box on the public net with SSH open? I guarantee you are getting more than 1000 attempted logins per day. This article talks about a lot of "attempted" attacks, well my linux machines on the net get port scanned at least 10 times a day, any box that has ssh running on the default port is being dictionary attacked pretty much 24/7. Sure the linux boxes aren't being turned into zombies, and I'm not sending out boatloads of spam, but my apache servers get hit with IIS attacks regularly. Putting a box with open ports on the net guarantees you will be attacked. It doesn't matter if it's linux or windows.

    The difference is with windows you will probably get hacked, with linux you at least have a fighting chance.

    1. Re:Not just Windows by julesh · · Score: 3, Interesting

      "Do you have a linux box on the public net with SSH open?"

      Yes.

      "I guarantee you are getting more than 1000 attempted logins per day."

      Uh, no. On the occasional day I get a sustained attempt to guess a username/password combo, and such an attempt may well get up to 1,000 attempts, but in the last 4 days' log (all I keep), I don't see any such attempt. There were a couple of attempts on my FTP server, but it looks like the attacker closed the connection as soon as they saw the welcome banner; scanning for a particular server/version in the connection report, I guess.

  7. where are all the attacks coming from .. by rs232 · · Score: 4, Insightful

    "This is a pretty bogus test. Obviously they didn't install security updates before going about their business,"

    "we installed an unprotected version of Windows XP Home configured like any domestic PC."

    "made apparent by the fact that the system was vulnerable to viruses that came out over 3 years ago"

    But these three year old attacks were still coming from other already infected machines on the Internet. Are all these infected machines running three year old software?

    was Re:I have plenty of reasons to dislike Microsoft..

    --
    davecb5620@gmail.com
  8. A Premium of Paying Victims by demo9orgon · · Score: 3, Insightful

    Despite all the Microsoft apologists who will wring their hands and point out that certain things were not done in order to safety the Microsoft honeypot, the genuine service this article demonstrated is that people who turn on their new computer with its Microsoft operating system connected to the Internet are vulnerable to exploits which are automated and exist in abundance, ready to pounce upon current Microsoft operating systems.

    Even if you're a master of Microsoft "anti-ware" solutions and tweaks, what happens when someone who isn't takes a few wrong turns with their OS? It's toast, or worse, enslaved and used as a resource the end-user is paying for.

    I stopped using Microsoft operating systems to directly connect to the Internet nearly 10 years ago, when the sophistication of the exploits had developed to the point where it was no longer safe to use any Microsoft OS online. Since then it really hasn't gotten much better, has it?

    I think it's a shame that the company with the fattest pockets can't be bothered to get it right yet still demands to be on every PC made.

    --
    Every new form of media has it's own Requirimento
  9. Re:We have a Love connection. by Lave · · Score: 3, Informative
    From my experience the Beeb runs a large amount of linux articles. And is quite vocal about free open source alternatives (a benefit of not being funded from corporate sponsors). For evidence try typing "linux" into their search engine. It gives you 49 pages of hits for the whole of bbc.co.uk, 9 pages of which come from just the "news" section.

    So you are simply wrong.

    --
    http://skeptobot.blogspot.com/ - A site for the Renaissance man and woman
  10. Indeed, AC by QuaintRealist · · Score: 4, Insightful

    All of the "well duh" folks miss the point. There are a lot of people out there with reinstall CDs for older machines. When their machine gets hit with malware, many of them "reload" windows and some of these head for Microsoft update.

    The point is that they are too late - they're perfectly likely to get hit before update can protect them, and perfectly likely to get hit with something as bad as what they had before.

    This really is a problem.

    --
    Using plain ol' text since 1968
    1. Re:Indeed, AC by Mister Whirly · · Score: 3, Insightful

      And this is why they should be letting a professional set their stuff up. If you knew nothing about cars, would you try to put an engine together and then drop it in by yourself, or would you take it to a mechanic? Most people seem to understand that, why should it be different just because we are talking about computers? Nothing like having your system owned as a way to hammer this point home. I certainly don't take the crass view of "well they get what they deserved for being ignorant" - but how do you combat naiveté among people? Especially with a technical subject that most people's eyes just glaze over when you start talking patches and firewalls? I think most folks just figure they can save $100 by setting it up themselves....Big mistake....

      --
      "But this one goes to 11!"
  11. Re:It IS hard by bill_kress · · Score: 3, Interesting

    He said a coordinated effort. Of course no one person can get anywhere, but if we just decide not to accept this, we start blocking IP ranges, force the ISPs to deal with their spammers and botnets--it wouldn't take long at all to shut down the entire problem (and 60% of the web). Then you just bring up clean PCs one at a time--forward their DNS to a page that can lead you through the process of cleaning out your PC and contains a list of services that will help.

    Subsidize the creation of some decent anti-virus and service companies that can clean your computer remotely (Just don't build one nuke, that should take care of funding it for a few years)

    Of course we can't take these steps proactively, humans are too short-sighted, but we WILL do something like this reactively. It's going to happen--just a matter of time.