[lug] I wish RH users would secure... (D. Stimits)

D. Stimits stimits at idcomm.com
Fri Apr 20 12:34:40 MDT 2001


Sean Reifschneider wrote:
> 
> On Wed, Apr 18, 2001 at 01:37:32PM -0600, D. Stimits wrote:
> >It is the part about attracting the attention of crackers that I am
> >looking most closely at. When someone tries to get into my machine, I
> 
> How exactly do RedHat users attract the attention of crackers?  You make it
> sound like the crackers are going through some list saying "HeEeey!  A
> RedHat user!"  My experience is more that the crackers are scanning for
> lprng, FTP, named, and portmapper (among others) looking for vulnerable
> systems, and targeting those.

I think Redhat security flaws get more press, even though they are
shared with other distributions most of the time. Redhat is known better
for bad default setups, combined with more newbies using it. I believe
(maybe inaccurately) that there are plenty of script kiddies out there
running port scanners that look for the Redhat label before trying
something. It is simply a game of scanning as many places as possible,
then picking the ones that are most likely to be broken; there are so
many possibilities, it is like a sales call where they simply pick the
right demographics. So yes, the other distros are usually just as
vulnerable (not always, take linuxconf for a case in mind), but I think
probably some crackers do in fact look for Redhat before they bother
trying their scripts...other distros with out-of-date versions of
various packages would also fall, but only if someone bothers to try.
When someone tries to get into my system, most of the time I am able to
find out what system they have, including distribution, kernel version,
and some of their package versions as well (script kiddie attackers are
not intelligent).

D. Stimits, stimits at idcomm.com

> 
> No matter what distribution you're using, if you're running a vulnerable
> network-accessible daemon, you're targeted...
> 
> Sean
> --
>  This mountain is PURE SNOW!  Do you know what the street value of this
>  mountain is!?!                -- Better Off Dead
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python