Most active commenters

    ←back to thread

    Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

    (www.csoonline.com)
    433 points zdw | 15 comments | 21 Oct 25 15:51 UTC | HN request time: 0.203s | source | bottom
    Show context
    reenorap ◴[21 Oct 25 17:16 UTC] No.45658455[source]
    There needs to be a law that all nuclear and nuclear-adjacent facilities have no connection to the Internet. The fact it's allowed is unbelievable.
    replies(16): >>45658869 #>>45658922 #>>45659008 #>>45659125 #>>45659155 #>>45659165 #>>45659210 #>>45659242 #>>45659399 #>>45659433 #>>45659476 #>>45659542 #>>45659733 #>>45660029 #>>45661258 #>>45666322 #
    1. ferguess_k ◴[21 Oct 25 18:00 UTC] No.45659210[source]
    I heard that once you put up a website on the public internet, it would immediately gets attacked by all kinds of scanners or other worse things. Not sure if it's true as I'm not a web guy.
    replies(4): >>45659255 #>>45659306 #>>45659371 #>>45660464 #
    2. SoftTalker ◴[21 Oct 25 18:03 UTC] No.45659255[source]
    Every public IPv4 address is port scanned multiple times a day.
    replies(4): >>45659283 #>>45659316 #>>45662113 #>>45672593 #
    3. ta1243 ◴[21 Oct 25 18:04 UTC] No.45659283[source]
    Which really isn't a problem, unless you're being scanned so much your bandwidth is being overwhelmed. Certainly not the case for me, despite having port 80 and 443 open
    replies(1): >>45659439 #
    4. pdntspa ◴[21 Oct 25 18:05 UTC] No.45659306[source]
    Back in the day, I made the mistake of hooking up a fresh Windows XP (at least I think it was; pre-SP2) install directly to the internet. There was no firewall or NAT to protect me. The machine got pwned almost immediately.
    replies(1): >>45664186 #
    5. pdntspa ◴[21 Oct 25 18:06 UTC] No.45659316[source]
    Watching my website's firewall and ssh logs show all the various hacking attempts is calming in the same way that watching waves crash on to the shore is.
    replies(1): >>45659714 #
    6. rtldg ◴[21 Oct 25 18:09 UTC] No.45659371[source]
    All IPv4 addresses, domains (maybe more so for recently-registered ones), and subdomains from Certificate Transparency Logs (for HTTPS certs) are all constantly checked and poked.
    7. tgv ◴[21 Oct 25 18:13 UTC] No.45659439{3}[source]
    I have a server that has a slow (5s) response to unknown pages, returns it as 200, and makes the next failing request even slower (for unauthenticated users). That seems to keep the number of requests limited. Perhaps I should just drop the connection after a certain number of requests.

    BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.

    replies(1): >>45659762 #
    8. diggan ◴[21 Oct 25 18:32 UTC] No.45659714{3}[source]
    More like looking a thin net preventing mosquitoes from biting your skin, as there is some intention behind it, not just physics.
    9. eks391 ◴[21 Oct 25 18:36 UTC] No.45659762{4}[source]
    Do you configure this in your firewall? How can I replicate this?
    replies(1): >>45664190 #
    10. aerostable_slug ◴[21 Oct 25 19:26 UTC] No.45660464[source]
    IIRC Carnegie Mellon did a study years ago which showed that you could not unbox a new Windows machine, connect it "directly" to the Internet, and get it fully patched before it was pwned.
    11. 1718627440 ◴[21 Oct 25 21:44 UTC] No.45662113[source]
    Per day? per minute or second.
    12. fragmede ◴[22 Oct 25 02:11 UTC] No.45664186[source]
    It's still true!

    > What happens if you connect Windows XP to the Internet in 2024?

    https://youtu.be/6uSVVCmOH5w

    13. fragmede ◴[22 Oct 25 02:11 UTC] No.45664190{5}[source]
    what firewall do you use?
    replies(1): >>45669471 #
    14. tgv ◴[22 Oct 25 14:12 UTC] No.45669471{6}[source]
    It's in the "404" handler of the backend. It should be possible to write a caddy or nginx module for it.
    15. ferguess_k ◴[22 Oct 25 17:43 UTC] No.45672593[source]
    Damn that's like Blood War in DND...