←back to thread

Foreign hackers breached a US nuclear weapons plant via SharePoint flaws

(www.csoonline.com)
433 points zdw | 3 comments | 21 Oct 25 15:51 UTC | HN request time: 0s | source
Show context
reenorap ◴[21 Oct 25 17:16 UTC] No.45658455[source]
There needs to be a law that all nuclear and nuclear-adjacent facilities have no connection to the Internet. The fact it's allowed is unbelievable.
replies(16): >>45658869 #>>45658922 #>>45659008 #>>45659125 #>>45659155 #>>45659165 #>>45659210 #>>45659242 #>>45659399 #>>45659433 #>>45659476 #>>45659542 #>>45659733 #>>45660029 #>>45661258 #>>45666322 #
ferguess_k ◴[21 Oct 25 18:00 UTC] No.45659210[source]
I heard that once you put up a website on the public internet, it would immediately gets attacked by all kinds of scanners or other worse things. Not sure if it's true as I'm not a web guy.
replies(4): >>45659255 #>>45659306 #>>45659371 #>>45660464 #
SoftTalker ◴[21 Oct 25 18:03 UTC] No.45659255[source]
Every public IPv4 address is port scanned multiple times a day.
replies(4): >>45659283 #>>45659316 #>>45662113 #>>45672593 #
ta1243 ◴[21 Oct 25 18:04 UTC] No.45659283[source]
Which really isn't a problem, unless you're being scanned so much your bandwidth is being overwhelmed. Certainly not the case for me, despite having port 80 and 443 open
replies(1): >>45659439 #
tgv ◴[21 Oct 25 18:13 UTC] No.45659439[source]
I have a server that has a slow (5s) response to unknown pages, returns it as 200, and makes the next failing request even slower (for unauthenticated users). That seems to keep the number of requests limited. Perhaps I should just drop the connection after a certain number of requests.

BTW, quite a few of these port scanners are companies that offer to scan your ports for vulnerabilities. Temu pen testing, so to speak.

replies(1): >>45659762 #
1. eks391 ◴[21 Oct 25 18:36 UTC] No.45659762[source]
Do you configure this in your firewall? How can I replicate this?
replies(1): >>45664190 #
2. fragmede ◴[22 Oct 25 02:11 UTC] No.45664190[source]
what firewall do you use?
replies(1): >>45669471 #
3. tgv ◴[22 Oct 25 14:12 UTC] No.45669471[source]
It's in the "404" handler of the backend. It should be possible to write a caddy or nginx module for it.