The majority of attacks are perpetrated by so-called 'script kiddies', says ISDN Networks MD, Barry Cribb. These are relatively low-skilled people, who simply run downloadable scripted exploits at vast ranges of IP addresses until they hit one that works.

The attacks are totally random, he says, with the attacker not initially knowing who the target will be. Some smarter attackers will initially run scans to identify specific systems. However, very often, Linux exploits are run against Windows servers and vice versa. Whilst there is little focus, they are very successful simply by virtue of scale of the operation, as they are able to sweep massive blocks of addresses, often running into many thousands.

Cribb says most people do not monitor their systems, and probably will not detect the sweeps without an IDS, but they can be assured they will be probed. We have spoken to many admin staff, who were astounded that their systems were compromised only weeks, or sometimes days, after going online for the first time, says Cribb.

You may believe that no one is interested in your system, or that your data is of no value, so why would anyone attack your site? It is these systems that the â¬Ãƒâ€¹Ã…script kiddie will try to exploit. If not simply defacing a Web site and claiming â¬Ãƒâ€¹Ã…street cred by posting it on a defacement mirror, then they will use it as a platform from which to attack the next system, he says.

Some hackers have many thousands of attacks to their name. It is safe to say that these attacks were not run from one machine, but from any number of compromised machines employed to multiply their efforts. Why use your own bandwidth or disk space or processing power when you can use somebody elses, he adds.

Not only does it allow the attacker more resources, it also hides the origin of the attack. If the scans are detected, it is the owner of the source of the attack who will have to answer questions from the authorities, not the hacker. Therefore, says Cribb, it is important that organisations protect their sites from becoming unwitting attackers.

He says attackers are truly global, operating seven days a week, 24 hours a day. Many administrators mistakenly check their logs for probes that happen during the night, not realising that the hacker may be in a different time zone. It may be midnight or 2am for the hacker but it is 10am local time. Attacks can and do take place at any time.

How can the risks be reduced?

Attackers mostly look for soft targets. The best way to counter attacks from a script kiddie is to ensure that your systems are not vulnerable to known exploits. Vulnerability testing can achieve this. Test your installations on a regular basis.

* Ensure that your firewall rules are as they should be. Have your firewall configuration audited, independently. One rarely sees one's own mistakes

* Test your Internet-facing applications:- login pages and Web forms, etc. for exploitable vulnerabilities like SQL injection.

* Do not allow unused services to run on your machine, only run the services you actually need for your applications, and make sure that they are the latest version.

*Delete example scripts from your Web servers. Many of these scripts install in one of the following directories:

 /issamples

/iisadmpwd

/cgi-bin

/scripts

/cgi-win

And these are only just a few!

Remember there is no shame in finding vulnerabilities, all systems have them, and new one are discovered literally every day. The shame comes in not testing for them, and allowing a hacker to find them before you do, and exploit them, concludes Cribb.