[Dshield] Interesting Zombie Data Graphs
vancel at winfreeacademy.com
Thu Nov 10 17:47:16 GMT 2005
Pete Cap wrote:
>--- Valdis.Kletnieks at vt.edu wrote:
>>Unfortunately, by the time the ISPs figure out it's
>>worth doing something
>>for the Linux users, we'll have people running the
>>JoeSixPackIX distro, and
>>have the exact same problems all over again.
>This is a valid point.
>To me, the security of linux vs. windows has not
>really been proven. It would require hard data on the
>rate of compromise broken down by Linux vs. Windows.
>The statistical test for this sort of thing is fairly
>simple--IF we had the data, we could see if Linux
>users get hacked less frequently because they have
>less of the "market share" or if it's because they're
>using Linux. So far as I know this has not been
>performed. I wish a big ISP would publish its user
>stats just for this purpose :)
When I mentioned Linux it wasn't intended as a Linux vs Windows thing,
so I hope the thread doesn't head that way. I was only stating that if
the ISPs make it a "you must run this software to be on our network"
situation then they need to write that software for Linux users too.
Otherwise, Linux users will eventually be effectively banned from the
Internet unless we pay for a commercial account for home use, which
isn't really fair. An alternative would be to find out if the Linux
users know how to use the firewall that came with their systems which is
typically iptables, and it's not hard to determine through a very short
conversation if this is the case.
Tech Support: "ok, you're running Linux, what firewall are you using?"
response from JoeSixPackIX user: "I have a barbecue grill out back, but
I don't have any walls around it."
response from a more knowledgeable user: "I believe it's called iptables,
but I'll need some help setting it up."
response from a Linux admin type: "I'm using iptables with a restrictive
rule set so no l33t h4x0r5 c4n g3t 1n."
(smile, it's humor)
The comment about me being a diligent user comes from the fact that I'm
an IT professional and deal with network security on our systems at
work, and at home I also keep an eye on what is happening to my
systems. I know that Linux can be hacked (luckily the only one that's
gotten me is the SSL flaw a few years ago, and that was at work), and I
try to keep updated on what software I'm running that's vulnerable,
because typically it is 3rd party software that's compromised, not the
My work environment/network is a school that caters to high school
students that are at risk of dropping out of school and never
graduating. With this group of students, no matter what we do, they are
going to find sites to download the latest malware. We have even had
some students tell teachers that they were going to hack into the server
so they could get to their favorite site that was blocked in the proxy
or firewall. So far, none of them have succeeded, and I hope none of
them ever do, but I stay diligent. The reason I say this is because I'm
pretty sure that my situation is somewhat different than most of yours
in that I have to defend against both external and internal hackers....
intentional hackers and not just someone that downloaded something by
accident. So far, the systems have been very stable, and as I mentioned
above, no successful hacks have happened since the SSL flaw was
repaired. I'm not saying that there isn't a vulnerability somewhere in
there, but nothing has been hacked, and my logs show that thousands of
attempts are made each day (not counting internal attempts, since I
don't submit internal source IPs to DShield).