Last night, I dreamed that I was sitting in a front-row centre seat at a Margaret Becker concert, when suddenly her music was disrupted by a popping noise. It was one of those sounds that invades your dreams from the real world. The noise eventually roused me from my sleep. I got out of bed and wandered around looking for the source of the racket. It sounded like it was coming from the front of the house, so I peeked out the front door to see what was happening.
It was just a local salesman bouncing pebbles off the garage. It was unlikely he'd do any damage, so I just let him continue. Then I heard a scratching sound coming from the bedroom. It sounded like fingernails on glass. I moseyed back into the bedroom and pulled up the blinds to see what was going on. Someone was attempting to open my window from the outside. I stared at the would-be intruder for a few moments, because I thought I recognised him. Sure enough, he was the same person who tried to get in just a few days ago.
Then I did what any normal person would do in circumstances like these. I checked the window to make sure it was locked, and then I went back to bed.
All right, that isn't exactly how things happened, but it's close. I was listening to a Margaret Becker CD when I heard my log-watching program, Swatch, beeping. Swatch (http://www.stanford.edu/~atkins/swatch) is one of several Linux programs that lets you know when certain system events occur. I use it to alert me to possible break-in attempts.
There were two series of alerts this morning. The first one turned out to be a bunch of echo requests from an ad server called double-click.net. I have no idea what an echo request is used for or why double-click.net performs them when I visit a Web page with double-click.net ads. But I assume it is harmless. The second set of alerts told me someone using a dial-in account from an ISP called Glink Internet was trying to log in to my gateway.
This is the third time in 24 hours that someone from Glink has attempted to establish a Telnet session on my server.
I assume that it is the same person. But he isn't alone. There have been a total of 15 attempts to use my server in various ways in the past three days alone. One person checked for proxy services. It looks like another was trying to get my server to forward his data so that it looked like it originated from me.
Now, I'm no security expert, so I wouldn't be so bold as to claim that my Internet gateway is bulletproof, and I certainly wouldn't be foolish enough to issue a challenge to crack my server. But I'm not entirely dim when it comes to security, either. So I'm confident I've locked down my Linux-based Internet gateway well enough to repel innocent intrusions and attacks from your average script-kiddies.
I don't lose any sleep. But that isn't the point, is it? The typical reaction to a computer invasion is to buy or download yet another security product. But if people routinely walked up to my house to jiggle the doorknobs and pull on the windows, my first reaction wouldn't be to check the locks and go back to sleep. It wouldn't even be to get a good security system. I'd call the cops.
And I'm just talking about unsuccessful attempts to break in from the outside. Don't even get me started on the commercial software that secretly sends data back to the originating vendor. If I bought a Sony video camera and it secretly sent pictures of the inside of my house back to Sony, I'd see that somebody went to gaol.
What can we do to go on the offensive against invasions of privacy and crime? Perhaps it is time to create an Internet police force so that we have cops to call when someone tries to break in to our servers. I would gladly pay a dollar or two per month more for an Internet service to fund such an effort.
Do you have a better idea about how to handle attempted system break-ins? Let me know.