This may be what you are looking for. The folks at the San Diego
Supercomputer Center (SDSC) did an experiment earlier this year. It's a
good read. Here's the link and summary...
http://security.sdsc.edu/incidents/worm.2000.01.18.shtml
On December 23, 1999, the folks at SDSC setup a RedHat 5.2 vanilla,
unsecured system (Pentium) on one of their networks. The host was _not_
advertised to the world. The first portscans were observed less than 8
hours later. January 14-18 attackers tried over 20 exploits to vulnerable
services - these attacks failed (probably because they were for RedHat 6.0+
systems). Someone got root in mid-February and installed a rootkit and
sniffer. Someone else got root on February 18 and defaced the web site,
then reported to Attrition.
Regards,
Kyle
-----Original Message-----
From: Ed Lamaster [mailto:ipnetsecure_at_fastpointcom.com]
Sent: Tuesday, October 31, 2000 9:15 AM
To: PEN-TEST_at_SECURITYFOCUS.COM
Subject: Looking for slides
About 6 months ago I stumbled on a Powerpoint presentation that had some
interesting information about how long it took a stock RedHat box (think it
was 5.2, but I might be wrong) to be discovered and completely compromised
on a university network. My recollection was that the total time elapsed
was around 3 or 4 months.
I've been looking "everywhere" for these slides, but haven't been able to
find them. I believe they would be very useful for convincing the clueless
about just how vulnerable they are.
Anyone know the slides I'm referring to and where I can find them?
Thanks in advance...
Ed Lamaster ipnetsecure_at_fastpointcom.com
----------===========----------
Ed Lamaster
ipnetsecure_at_fastpointcom.com
Received on Nov 01 2000
Intro
