Consumers have bought millions of Rokus, Apple TVs, Fire TVs, routers, power link adapters, etc. Many times they try to save a few dollars by purchasing products designed, programmed, and manufactured by Chinese companies, some of which may be partially owned by the communist party or military. With all of these millions of devices, it’s hard to believe script kiddies are targeting a product with such a small customer base. The electronics in the modern car or thermostat would be a better target.
Too bad you would be wrong. Script kiddies don’t target anything specific. They go against anything they can find. Origin and popularity of the product are not relevant. If they find it in a network scan, they throw their scripts at it and see what sticks.
That said, I’m not worried about port 23 because I explicitly block it on my home firewall both in and out. You would have to be hacking from inside my network to get at that port. At that point I have bigger problems than you messing with my PVR.
I agree. But having been in IT since forever, one strange thing is that the number of attacks has actually decreased. It used to be that the time from new IP to first attack was hours, then it went down to minutes… and now it’s back up to a longer period of time again. Perhaps it’s not as “interesting” as it once was? Just an observation.
There are a number of sites that consistently probe ports. CERT knows of these. One being a Chinese “university”. The number and sophistication of attacks on commercial sites in the U.S. used to increase at the holiday season, especially Christmas, because a lot of workers are on holiday and out of town. In India at various important holidays.
While the TCP header may be purposely constructed with spoofed and illegal field combinations, it would be pretty hard for a packet to traverse its way through all the various routers without one. So they are probably visible.
A more simple and fun thing to do is violate the TCP/IP protocol.