I went into my router to
change my password from “admin”,
and checked the log. There were a lot of “unrecognized access” from random IP
addresses, to a set of fairly random ports.
Are these the pages I am reading on the internet, or random
attempted hacks into my computer network?
You would be amazed at the amount of malicious network traffic on the internet.
At least one security guru has coined the term “Internet Background Noise”
for all this traffic.
What is it?
I’ll put it this way: it’s the reason you must have a firewall.
Become a Patron of Ask Leo! and go ad-free!
To put it bluntly, yes, those are most likely attempted hacks into your computer or
But please don’t think that there’s someone out trying to get to you.
You are most definitely not alone.
They’re trying to get to anyone. Anyone who’s not protected, not up to date, or
otherwise has some kind of vulnerability.
Here’s what’s going on.
Computers can be really dumb, but they make up for it by being really fast and/or really persistent.
Malware authors can
take advantage of that by writing malicious software that, effectively, goes out and checks
every possible IP address for a computer with known vulnerabilities.
If a vulnerability is found the malware then infects that computer and moves on to the next.
Now, “every possible IP address” is a lot of IP addresses. It’s measured in the billions. And yes,
checking each one is kind of a stupid way to go about it. But here’s where persistence pays off – one
computer starts scanning. It eventually finds one that’s vulnerable to attack, so it infects that computer with
a virus, and the scanning software. Now the first computer keeps looking for more, and the second
computer starts looking as well. Each time another computer is found to be vulnerable, it’s infected and added
to the legion of computers that are out scanning for more vulnerable computers.
Eventually your IP will come up. If you’re vulnerable, you’ll be infected, and your computer
will join the crowd. If, however, you’re not vulnerable by virtue of being behind a firewall, being
up-to-date on all your operating system patches, or both, then the computer attempting to infect
you will see that it cannot, and move on.
Now you know why you need a firewall. Any machine sitting “naked” on the internet is
subject to these constant attempts to exploit known vulnerabilities. Your router log is
showing these attempts. Your router is acting
as firewall and preventing them from reaching a “real machine”.
So where are all these vulnerability probes coming from? Infected machines. In fact,
the owners of those machines probably have no idea that their machine is participating
in this activity.
So why don’t those folks just clean, patch and protect their machines?
They should. But the sad fact is that there are a large number of folks who still do not adequately protect themselves.
And these folks, in turn, are putting the rest of us at risk.
In fact, much of this “internet background
noise” are computers infected with viruses that are several years old, and for which patches have
also been available for several years.
So, yes, as I and others have been preaching almost daily, it’s critical to keep
your machine up to date and get behind a firewall so as to avoid becoming one of those
machines trying to infect everyone else.
And to protect yourself from everyone who doesn’t.