[TriLUG] illegal logon question
Rick DeNatale
rick.denatale at gmail.com
Thu Mar 9 15:42:36 EST 2006
On 09 Mar 2006 10:42:49 -0500, jonc <jonc at nc.rr.com> wrote:
> BTW: I've reported many, many folks (from the US) that have their Linux
> boxen taken over by script kiddies. Most times the folks are *very*
> responsive and apologetic. In every case, the folks put up a standard
> install without any hardening or firewalling.
Actually those zombies are much more likely to be Windows boxen, and
corporate ones at that.
>From http://blog.washingtonpost.com/securityfix/2006/03/post.html
And it's not just hacked home PCs we're talking about either. According to
stats released this week by computer security giant Symantec Corp., the
most common computer operating system found in botnets is Microsoft's
Windows 2000, an OS predominantly used in business environments.
Indeed, the vast majority of bots in Witlog's network were Win2K machines,
and among the bots I saw were at least 40 computers owned by the Texas
state government, as well as several systems on foreign government
networks. At least one machine that he showed me from his botnet was
located inside of a major U.S. defense contractor.
And some more info about bots in this recent Symantec report:
http://www.symantec.com/about/news/release/article.jsp?prid=20060307_01
Of the servers, Windows 2000 Server with no patches had the shortest
average time to compromise, while patched Windows 2003 Web Edition
and both unpatched and patched RedHat Enterprise Linux 3 were not
compromised in the testing period. Of the desktops, Microsoft Windows XP
Professional with no patches had the shortest average time to
compromise, while the same desktop system with all patches applied as
well as SuSE Linux 9 Desktop were not compromised.
--
Rick DeNatale
Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
More information about the TriLUG
mailing list