Home page logo
/

nanog logo nanog mailing list archives

Re: and here are some answers [was: Quarantine your infected users spreading malware]
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 08:06:57 +0200


bmanning () vacation karoshi com wrote:
On Mon, Feb 20, 2006 at 07:49:04PM -0600, Rob Thomas wrote:

Hey, Bill.

]       wht is the mean-time-to-infection for a stock windows XP system
]       when plugged intot he net?... 2-5minutes?  you can't get patches
]       down that fast.

The same case can be made for Linux and Unix-based web servers with
vulnerable PHP-based tools.  There's also a large number of poorly
configured devices such as routers with easily guessed passwords,
overly permissive DNS name servers, etc.

It's not simply a Windows problem.

Thanks,
Rob.


        true enough.  but "auntie jane" doesn't have linux/unix web server(s)
        or router(s) (other than the one provided by her ISP and managed by them)
        and has zero clue about overly permissive <service> machines.

        me thinks it is a -much- larger pool that gets taken advantage of
wiht a much higher threshold of ignorance about problems.
--bill

You described it best, and home users are indeed the problem discussed.

However, the amount of insecure routers out there is scary by itself. Rob has a lot more data on that than me and I don't doubt what he said.

--
http://blogs.securiteam.com/

"Out of the box is where I live".
        -- Cara "Starbuck" Thrace, Battlestar Galactica.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault