A study by Australian IT security firm Shake Communications revealed that around two out of three Australian Internet users are vulnerable to attack by hackers because of inadequate firewall protection from ISPs and ill-figured commodity products.
These attacks range from obtaining access to the hard disks of Internet users, to causing machines to crash or roboot.
The “Dialup Internet Access Study” of 1998 found that 70% of Internet users had some sort of file-sharing enabled that could be exploited by hackers. Six percent of Internet users were running Web servers and another 6% were running FTP servers. Of the 6% running FTP servers, 19% provided anonymous access to illegally copied or pirate software
and 23% provided access to illegally copied audio CDs or music
files.
Over a six week period, Melbourne-based Shake Communications dialed up to a major Australian ISP during peak times, scanned modem banks, and checked services such as Telnet and FTP using customer IP addresses.
“Many Internet users are simply unaware of these issues of vulnerability,” said Mr Simon Johnson, Shake Communications technical manager. “These results clearly show that it would be possible for an attacker to shut down more than 70% of users who are currently connected to the Internet via a modem.”
The study also found that 4% of users connected to the Internet
enabled incoming telnet sessions. Of that 4%, 53% restricted access, 51% displayed the company name and 67% displayed the version of the operating system on the computer.
“ISPs are not adequately protecting their client,” Johnson said. “Many ISPs still do not have a firewall to protect their own computer systems, let
alone their customers dialing up from home or work. Of those ISPs that do
have firewalls, many of them have holes, are not configured correctly or
don’t have the necessary rules in place to protect their modem banks.”
“Companies must assume that just because they connect to the Internet via a modem, doesn’t mean their ISP is protecting them,” Jonhson added.
Shake Communications is an independent information and Internet security research firm based in Melbourne, Australia that provides research on vulnerabilities in hardware and software and houses what’s claimed to be the world’s largest vulnerabilities database. It partners with such companies as Network Associates, Eastcoast Software and Secure Computing.