[Leaplist] A letter to my Windows friends...
John Simpson
jms1 at jms1.net
Wed Nov 29 22:29:33 EST 2006
On 2006-11-29, at 2122, Austin (Ozz) Denyer wrote:
>
> To be fair, the average life expectancy of a new, unpatched,
> default-config Linux box on the net is around 30 mins, assuming
> installation from CD/DVD (as opposed to a Net Install, which would by
> its very nature patch an install).
hrmmmm...

the problem with this statement is that the phrase "default-config
Linux box" can mean anything from a bare-bones debian install from a
business card CD, all the way up to a desktop machine running
mandrake or fedora 6, and any number of other distros in between.

i can tell you from experience that debian woody, installed on an
x86_32 machine from a business card CD (which is about as minimal as
it gets) sets up a machine with no services running at all- not even
sshd. granted, this may not be what you had in mind, but it DOES fall
within the possible set of definitions for the phrase "default-config
Linux box", if "debian woody" happens to be what you think of as
"Linux".

now that i think of it, i would like to see this put to the test. i'm
wondering if anybody here would be willing to build a "default-config
Linux box" based on fedora, mandrake, ubuntu, or some other commonly
used distro, connect it DIRECTLY to the internet (with no NAT device,
no firewall other than whatever iptables/ipchains stuff the installer
puts in there by default), and see how long it actually takes for the
machine to be compromised.

i don't doubt the machine would be attacked within a few minutes- but
would that attack be successful?

it's certainly something to talk about on saturday at the
installfest, i guess. i don't have anyplace to hang a machine on the
net with a real IP address anyway, unless i want to drive to melbourne.
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ <jms1 at jms1.net> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------