Blackhole

Ed Wilts ewilts at ewilts.org
Tue Apr 26 11:48:21 UTC 2005


On Tue, Apr 26, 2005 at 11:05:29AM +0200, Michael Schwendt wrote:
> On Mon, 11 Apr 2005 20:13:36 +0100, Chris Kenward wrote:
> 
> > > I was reading an article where someone set up a "honeypot" to
> > > figure out how people were breaking into systems & figure out
> > > ways to stop them/track them...  After an initial system install
> > > (no firewalls, no updates), the average time for someone to take
> > > over the machine was, like, less than 4 hours.  (I'm thinking it
> > > was closer to 20 minutes)
> > 
> > Scary stuff indeed. Makes me want to ditch the 6 redhat servers I'm running
> > and go back to Windows 2003! <flame suit ON!> ;)
> 
> Huh? Without any knowledge of what base OS and version that "honeypot" was
> running in, you come to such a conclusion about your servers? The poster
> of the above paragraph did not say that the machine was an up-to-date RHEL
> server. He explicitly mentioned "no updates".

Actually, I believe that somebody from Red Hat had looked at every patch
they've released for RHEL 3 and determined that if you installed it
naked on the Internet with *NO* updates but in its default
configuration, it would not yet have been penetrated even if you
installed it the day it was released (Oct 2003 I think).

If you look at most of the RHEL 3 vulnerabilities, they're local root
exploits - i.e. you already need to be on the system before you can
elevate your privilege level.  I would prefer that the bad guys don't
get on my system in the first place...

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program




More information about the redhat-list mailing list