Aussies leaving lots of insecure ports open to attackers

Australian sysadmins continue to live dangerously and expose insecure network services to a hostile internet, putting themselves at risk of compromise and information theft.

Security vendor Rapid7 scanned much of the IPv4 internet [pdf] to check the extent of networked computer systems exposing services to the world.

The scans ranked Australia ninth globally for offering more exposed services relative to its total size on the internet than most other developed nations.

In total, Rapid7 scanned close to 48.5 million IPv4 addresses allocated to Australia for its report.

Unnecessary exposure of specific services to the internet can be abused by attackers to compromise computer systems and steal information.

For instance, the WannaCry ransomware worm that ripped through hundreds of thousands of systems scanned for internet-connected computers that ran vulnerable versions of Microsoft's System Message Block file sharing protocol.

Despite the widespread publicity around WannaCry, Rapid7 found over one million systems still offering SMB file sharing services to the internet.

Likewise, distributed denial of service botnets like Mirai scan for internet of things (IoT) devices that listen on the clear-text telnet remote access port 23 for takeover opportunities.

Many admins also leave information at risk of being stolen or ransomed by carelessly exposing database servers to the internet.

"For example, we surveyed the internet for the database service ports associated with Microsoft SQL Server (port 1433) and MySQL (port 3306)," Rapid7 said.

"Both of these database systems offer perfectly adequate authentication protocols and encryption guarantees, but the services offer direct access to random strangers when, in practice, there is no earthly reason to do so."