RE: Compromised Server Project

["s7726" <s7726 () yahoo com>]

I myself am wondering if you can really call this a "compromised system". it
would seem to me that leaving it open on any sort of network with full
read/write for FTP would just be a system that s being used. IMHO to
compromise the system they would have had to do a little more than ftp
blank.whatever.com to get in.

Gavin S.

-----Original Message-----
From: Anders Reed Mohn [mailto:anders_rm () utepils com]
Sent: Tuesday, February 11, 2003 9:04 AM
To: security-basics () securityfocus com
Subject: RE: Compromised Server Project


> I keep reading how quickly unsecured servers on high speed connections
> can be compromised.  Is it really as bad as they keep saying?  Just how
> long could a server (IIS 6 on Windows 2003 Server RC2) remain safe when
> just sitting quietly and not offering an Internet presence?

That's a question with a pretty random answer, isn't it?
But of course, there are loads of factors that come into
play. To mention some:

- Amount of software installed on the box
- Size of providers network (some worms prefer
  visiting neighbours)
- As someone else said: how well known is the ISP?
- Which worms are on the loose at the moment?

etc, etc, etc.....

I've tried this a few times myself, and have seen
everything from a couple of seconds to several hours.

Also, your box being as "boring" as it is, I'd guess skilled hackers would
spot that, and not give a ****
(or smell a rat) leaving it for the script kiddies,
who probably neither know how to get in properly, nor
care to mount specific attacks at single targets.

My guess, anyway :)

Cheers,
Anders :)