[88834] in North American Network Operators' Group
Re: and here are some answers [was: Quarantine your infected users
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Feb 21 01:09:00 2006
Date: Tue, 21 Feb 2006 08:06:57 +0200
From: Gadi Evron <ge@linuxbox.org>
To: bmanning@vacation.karoshi.com
Cc: Rob Thomas <robt@cymru.com>, NANOG <nanog@merit.edu>
In-Reply-To: <20060221060231.GA7311@vacation.karoshi.com.>
Errors-To: owner-nanog@merit.edu
bmanning@vacation.karoshi.com wrote:
> On Mon, Feb 20, 2006 at 07:49:04PM -0600, Rob Thomas wrote:
>
>>Hey, Bill.
>>
>>] wht is the mean-time-to-infection for a stock windows XP system
>>] when plugged intot he net?... 2-5minutes? you can't get patches
>>] down that fast.
>>
>>The same case can be made for Linux and Unix-based web servers with
>>vulnerable PHP-based tools. There's also a large number of poorly
>>configured devices such as routers with easily guessed passwords,
>>overly permissive DNS name servers, etc.
>>
>>It's not simply a Windows problem.
>>
>>Thanks,
>>Rob.
>
>
> true enough. but "auntie jane" doesn't have linux/unix web server(s)
> or router(s) (other than the one provided by her ISP and managed by them)
> and has zero clue about overly permissive <service> machines.
>
> me thinks it is a -much- larger pool that gets taken advantage of
> wiht a much higher threshold of ignorance about problems.
>
> --bill
You described it best, and home users are indeed the problem discussed.
However, the amount of insecure routers out there is scary by itself.
Rob has a lot more data on that than me and I don't doubt what he said.
--
http://blogs.securiteam.com/
"Out of the box is where I live".
-- Cara "Starbuck" Thrace, Battlestar Galactica.
