[Leaplist] A letter to my Windows friends...

William A. Mahaffey III wam at HiWAAY.net
Wed Nov 29 22:40:03 EST 2006


John Simpson wrote:

> On 2006-11-29, at 2122, Austin (Ozz) Denyer wrote:
>
>>
>> To be fair, the average life expectancy of a new, unpatched,
>> default-config Linux box on the net is around 30 mins, assuming
>> installation from CD/DVD (as opposed to a Net Install, which would by
>> its very nature patch an install).
>
>
> hrmmmm...
>
> the problem with this statement is that the phrase "default-config  
> Linux box" can mean anything from a bare-bones debian install from a  
> business card CD, all the way up to a desktop machine running  
> mandrake or fedora 6, and any number of other distros in between.
>
> i can tell you from experience that debian woody, installed on an  
> x86_32 machine from a business card CD (which is about as minimal as  
> it gets) sets up a machine with no services running at all- not even  
> sshd. granted, this may not be what you had in mind, but it DOES fall  
> within the possible set of definitions for the phrase "default-config  
> Linux box", if "debian woody" happens to be what you think of as  
> "Linux".
>
> now that i think of it, i would like to see this put to the test. i'm  
> wondering if anybody here would be willing to build a "default-config  
> Linux box" based on fedora, mandrake, ubuntu, or some other commonly  
> used distro, connect it DIRECTLY to the internet (with no NAT device,  
> no firewall other than whatever iptables/ipchains stuff the installer  
> puts in there by default), and see how long it actually takes for the  
> machine to be compromised.
>
> i don't doubt the machine would be attacked within a few minutes- but  
> would that attack be successful?
>
> it's certainly something to talk about on saturday at the  
> installfest, i guess. i don't have anyplace to hang a machine on the  
> net with a real IP address anyway, unless i want to drive to melbourne.



I just set this box up a few months ago (late spring/early summer) w/ 
FC5 & it *does* come w/ a pretty good default iptables setup, I had to 
punch a few holes to get NFS & other in-house stuff that I wanted 
working, so I *think* the Linux (at least FC5/6) might do OK in that 
test. $0.02, no more, no less ....


-- 

	William A. Mahaffey III

 ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                           -- Gen. George S. Patton Jr.


