Just a warning about the internet

I've had a couple of arduinos on the internet for months now. They don't get a lot of traffic and once in a while someone tries to hack into them. Not the normal folk that are just lookin', these people actually try to script in and mess with it. I have the devices set up such that they can only be changed by an address in my local lan that can't be sent over the internet so I'm not worried at all.

However, here the last week or so, the scanning activity has shot up like a rocket. I get 25 or 30 hits a day from various scanners; the most recent is Morfeus. This is up from maybe three or so a day.

So, if you have an arduino on the internet, make sure it's at least minimally safe and that nothing it does can bother you.

Just sayin'

I used to see huge floods of what were probably port scans in my router logs. The router is set up to ignore them, so there again no real worries. I was amazed at the volumes, though, there would be thousands of attempts over periods of maybe a few hours. So maybe a bot net, and I happened to get an IP address from my ISP that they'd discovered previously. In recent months, the activity has just about completely stopped, so maybe the ISP found a way to squelch that traffic.

I already have a function in my Arduino that reads the client IP. If the client IP is not my computer's IP, it sends nothing and closes the connection. In w5100.h, there is this function: readSnDIPR(SOCKET _s, uint8_t *buf);

It is used like this:

byte remoteIP[4];
char outBuf[18];

readSnDIPR(_s,remoteIP);
sprintf(outBuf,"%u.%u.%u.%u",remoteIP[0],remoteIP[1],remoteIP[2],remoteIP[3]);
Serial.println(outBuf);

Compare the value in outBuf with your computer's IP. If it isn't yours, do to them what you want. Maybe a page for you and a separate page for them. :D

Edit: My bad. I forgot the underscore before the socket parameter. Corrected now.

Perhaps an Arduino honeypot would have some amusement value:

http://en.wikipedia.org/wiki/Honeypot_(computing)

On a serious note, this is why the Bitlash web server is locked down so that you can only update the web setup by logging in with a password. The public interface exposes only the functions you designate, to minimize mischief.

-br http://bitlash.net

I took a different tactic to prevent people playing around. I mask the incoming IP address with the subnet mask and only let machines on my local network mess around. That way it doesn't matter which machine in the house I use, only machines I let join my network can do things. Outside machines, when they try to do things, get a simple 'Denied' message.

Of course, it took me about a week to figure out how to do this. There's not a single good (understandable) explanation of subnet masking on the internet; they're all designed for computer science students to read and mess up on a test.
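The subnet-mask check described above, as an added example that is not code from any poster in this thread: each octet of the client address is ANDed with the mask and the result is compared with the same operation on the Arduino's own address. The function names and the 192.168.1.x / 203.0.113.x addresses are constructed for illustration; the single-IP check from the earlier post is the same comparison with a mask of 255.255.255.255.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample network: the Arduino at 192.168.1.177 on a /24 LAN. */
static const uint8_t LOCAL_IP[4]    = {192, 168, 1, 177};
static const uint8_t SUBNET_MASK[4] = {255, 255, 255, 0};

/* A usable mask has its 1-bits contiguous from the top and is not all zero;
   a zero mask would make every address on the internet look "local". */
int mask_is_valid(const uint8_t mask[4])
{
    uint32_t m = ((uint32_t)mask[0] << 24) | ((uint32_t)mask[1] << 16) |
                 ((uint32_t)mask[2] << 8)  |  (uint32_t)mask[3];
    uint32_t host_bits = ~m;
    return m != 0 && (host_bits & (host_bits + 1)) == 0;
}

/* AND each octet with the mask: what survives is the network part.
   Two addresses are on the same network when those parts are equal. */
int same_subnet(const uint8_t remote[4], const uint8_t local[4],
                const uint8_t mask[4])
{
    for (int i = 0; i < 4; i++) {
        if ((remote[i] & mask[i]) != (local[i] & mask[i]))
            return 0;
    }
    return 1;
}

/* Decision for one connection; fails closed if the mask is misconfigured. */
int request_allowed(const uint8_t remote[4])
{
    if (!mask_is_valid(SUBNET_MASK))
        return 0;
    return same_subnet(remote, LOCAL_IP, SUBNET_MASK);
}

int main(void)
{
    /* Constructed client addresses: one LAN host, two outside hosts. */
    const uint8_t clients[3][4] = {
        {192, 168, 1, 50}, {192, 168, 2, 50}, {203, 0, 113, 9}};
    for (int i = 0; i < 3; i++)
        printf("%d.%d.%d.%d -> %s\n", clients[i][0], clients[i][1],
               clients[i][2], clients[i][3],
               request_allowed(clients[i]) ? "OK" : "Denied");
    return 0;
}
```

On the Arduino, the four bytes filled in by readSnDIPR take the place of the constructed client addresses.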

Thank you, DrayThomp, for raising this issue.

For years, I wouldn't even TRY to put a server on the web, for fear of opening doors to the Bad Guys.

I've had an Apache server running in Windows XP on my LAN, "talking" to the outside world through my router for a while. For several months, I've also had some Arduinos ditto.

I try to keep as much as I can "locked down"... but not really sure WHAT or HOW to lock things down, sigh.

Been lucky, so far... or my router's firewall is good!

Advice to beginners: We've all done it, but when you turn your anti-malware and firewall off "to see if that fixes the problem", you are REALLY taking a chance. As other posts make clear... it is not a rare event for someone bad to come sniffing around. And modern viruses are more insidious than the old ones... they "hide", instead of trashing your system. While it is nice to be able to continue working, do you NEVER log into a bank account? Do you not care that your machine may be helping criminals?

I've been running an apache server on a pc behind a router since 2001 and haven't had any issues with "bad guys". If you leave your system totally open for easy outside access, then you will probably have issues. Otherwise, you probably won't have problems. Generally speaking, the outside world probably has no interest in your system/project and will not spend time or energy trying to hack/sniff your stuff.

I'm not getting hacked, I'm getting script kiddies running bot software. I also get a lot of bot examinations. The arduino is completely invulnerable to this kind of thing, so I'm not worried in my case. But some folks put their door locks and garage doors online. That could get a little nasty if discovered and they weren't aware. It is interesting how many school computers seem to be running bots though. Large colleges in various countries seem to be the ones that mess with me most often. Well, and some large corporate networks.

draythomp: It is interesting how many school computers seem to be running bots though. Large colleges in various countries seem to be the ones that mess with me most often. Well, and some large corporate networks.

They mess with you because someone already got in them. It is not difficult for a school to become overrun with bot computers. All it takes is one student to get one in that one computer and then it replicates around. The school I am in has a few and that is why I don't do anything other than my school work on them. Several schoolmates here have had their emails hacked after they logged into them on campus.

I would be inclined to generate a counter bot. One that picked up and went back to the source to shut it down.

I have thought it would be funny to give the bad guys false information to send them on a "goose chase". I was thinking in terms of fake numbers that have the correct amount of digits. Spamming them back with large e-mails was another idea I had, but it probably would not create any result.

I have never done the above; it is just thoughts.

I never bother with any form of retaliation; it just isn't worth my time. Their scripts or viruses can't hurt me and they probably aren't even aware their machine is doing it. Besides, it keeps me on my toes making sure they can't do any harm.