nanog mailing list archives

Re: EBAY and AMAZON

From: valdis.kletnieks () vt edu
Date: Wed, 13 Jun 2012 14:42:20 -0400

On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said:

If both flavors were equally easy to exploit, according to your theory
above we would see more exploits on the *nix servers.  Yet server-side
exploits are seen on Windows servers far more often than *nix servers,
despite the fact that more web pages are served by *nix servers than
Windows servers.


I suspect the *real* issue is that for really large systems, it's not so much
"exploits" as "one-off customized attacks".  The chances of pwning Bank
of America with an off-the-shelf attack are pretty low - but finding a blind
SQL injection and leveraging it are a bit higher.

And given all the 'XYZ got pwned' news stories, I suspect that in fact
the *nix boxes *are* being attacked - just not with COTS attack tools.

Attachment: _bin
Description:

Current thread:

Re: EBAY and AMAZON, (continued)
- - - Re: EBAY and AMAZON Barry Shein (Jun 13)
    - RE: EBAY and AMAZON Keith Medcalf (Jun 13)
    - Re: EBAY and AMAZON Rich Kulawiec (Jun 13)
    - vulnerability and popularity (was: EBAY and AMAZON) Andrew Sullivan (Jun 13)
    - Re: vulnerability and popularity (was: EBAY and AMAZON) Aled Morris (Jun 13)
    - Re: vulnerability and popularity (was: EBAY and AMAZON) Owen DeLong (Jun 13)
    - Re: EBAY and AMAZON Doug Barton (Jun 13)
    - Re: EBAY and AMAZON Jimmy Hess (Jun 12)
- Re: EBAY and AMAZON Astro Dog (Jun 13)
  - Re: EBAY and AMAZON JC Dill (Jun 13)
    - Re: EBAY and AMAZON valdis . kletnieks (Jun 13)
    - Re: EBAY and AMAZON Jeroen van Aart (Jun 14)