Penetration Testing mailing list archives
Re: [PEN-TEST] Looking for slides
From: "William D. Colburn (aka Schlake)" <wcolburn () NMT EDU>
Date: Tue, 31 Oct 2000 15:44:54 -0700
Hmmmm. I found a stock redhat 5.2 box on my campus last week. It seems to have been up and running (and on the internet) since 1998. It was running a web server (and had web pages on it), DNS, news, printing, and every other inane service that got installed by default. I searched it really hard for any evidence of a compromise, but as far as I can tell it was a pure as freshly fallen snow. I was, to say the least, suprised. The juiciness of the target has a lot to do with the speed of its demise. The box I found was old outdated hardware when Redhat was first installed on it. The person who installed redhat skipped all the development stuff (not sure why, the hard drive was big enough), so there was no compiler. The network it was on was a patched together hunk of copper almost a hundred miles long between it and the router. In short, it was a slow machine on a slow link, without any tools. No doubt that no one was interested in it. PS: That machine isn't on our network anymore. :) On Tue, Oct 31, 2000 at 03:11:29PM -0500, Bennett Todd wrote:
2000-10-31-11:15:28 Ed Lamaster:About 6 months ago I stumbled on a Powerpoint presentation that had some interesting information about how long it took a stock RedHat box (think it was 5.2, but I might be wrong) to be discovered and completely compromised on a university network. My recollection was that the total time elapsed was around 3 or 4 months.Whew. I find that astonishing. I'd have put the expected time at a few days, and I'd be completely unsurprised to see a stock Unix system (any vendor, never seen one secure out of the box[*]) get knocked flat even before the install finished. It all depends on the current climate of folks running automated scanners in your part of the net. I always and only install on secured private networks, and don't expose servers to the internet until inetd is killed, sendmail is killed, lpd is killed, BIND is killed, portmapper is killed, .... -Bennett
-- William Colburn, "Sysprog" <wcolburn () nmt edu> Computer Center, New Mexico Institute of Mining and Technology http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn
Current thread:
- [PEN-TEST] Looking for slides Ed Lamaster (Nov 01)
- Re: [PEN-TEST] Looking for slides van der Kooij, Hugo (Nov 01)
- Re: [PEN-TEST] Looking for slides Bennett Todd (Nov 01)
- Re: [PEN-TEST] Looking for slides William D. Colburn (aka Schlake) (Nov 01)
- Re: [PEN-TEST] Looking for slides Gary Flynn (Nov 01)
- <Possible follow-ups>
- Re: [PEN-TEST] Looking for slides Haugsness, Kyle (Nov 01)
- Re: [PEN-TEST] Looking for slides Ed Lamaster (Nov 01)