Blackhole

Michael Schwendt fedora at wir-sind-cool.org
Tue Apr 26 09:05:29 UTC 2005


On Mon, 11 Apr 2005 20:13:36 +0100, Chris Kenward wrote:

> Hi Tom 
> 
> > I was reading an article where someone set up a "honeypot" to
> > figure out how people were breaking into systems & figure out
> > ways to stop them/track them...  After an initial system install
> > (no firewalls, no updates), the average time for someone to take
> > over the machine was, like, less than 4 hours.  (I'm thinking it
> > was closer to 20 minutes)
> 
> Scary stuff indeed. Makes me want to ditch the 6 redhat servers I'm running
> and go back to Windows 2003! <flame suit ON!> ;)

Huh? Without any knowledge of what base OS and version that "honeypot" was
running in, you come to such a conclusion about your servers? The poster
of the above paragraph did not say that the machine was an up-to-date RHEL
server. He explicitly mentioned "no updates".

If you connect a machine to the Internet and forget to install the OS
vendor's security errata packages, surely there are people "out there"
who can exploit known vulnerabilities either with available scripts,
rootkits or self-made exploits.

For a honeypot test, you usually compare break-in times with an up-to-date
installation? Did this tester do that, too?

-- 
Fedora Core release 3.91 (Pre-FC4) - Linux 2.6.11-1.1258_FC4
loadavg: 1.04 1.08 1.01



