[Dshield] Interesting Zombie Data Graphs

Laura Vance vancel at winfreeacademy.com
Thu Nov 10 17:47:16 GMT 2005

Pete Cap wrote:

>--- Valdis.Kletnieks at vt.edu wrote:
>>Unfortunately, by the time the ISP's figure out it's
>>worth doing something
>>for the Linux users, we'll have people running the
>>JoeSixPackIX distro, and
>>have the exact same problems all over again.
>This is a valid point.
>To me, the security of linux vs. windows has not
>really been proven.  It would require hard data on the
>rate of compromise broken down by Linux vs. Windows. 
>The statistical test for this sort of thing is fairly
>simple--IF we had the data, we could see if Linux
>users get hacked less frequently because they have
>less of the "market share" or if it's because they're
>using Linux.  So far as I know this has not been
>performed.  I wish a big ISP would publish its user
>stats just for this purpose :)
When I mentioned Linux it wasn't intended as a Linux vs Windows thing, 
so I hope the thread doesn't head that way.  I was only stating that if 
the ISPs make it a "you must run this software to be on our network" 
situation then they need to write that software for Linux users too.  
Otherwise, Linux users will eventually be effectively banned from the 
Internet unless we pay for a commercial account for home use, which 
isn't really fair.  An alternative would be to find out if the Linux 
users know how to use the firewall that came with their systems which is 
typically iptables, and it's not hard to determine through a very short 
conversation if this is the case.

Tech Support: "ok, you're running Linux, what firewall are you using?"
response from JoeSixPackIX user: "I have a barbecue grill out back, but 
I don't have any walls around it."
response from a more knowledgeable user: "I believe it's called iptables, 
but I'll need some help setting it up."
response from a Linux admin type: "I'm using iptables with a restrictive 
rule set so no l33t h4x0r5 c4n g3t 1n."
(smile, it's humor)

The comment about me being a diligent user comes from the fact that I'm 
an IT professional and deal with network security on our systems at 
work, and at home I also keep an eye on what is happening to my 
systems.  I know that Linux can be hacked (luckily the only one that's 
gotten me is the SSL flaw a few years ago, and that was at work), and I 
try to keep updated on what software I'm running that's vulnerable, 
because typically it is 3rd party software that's compromised, not the 
kernel itself.

My work environment/network is a school that caters to high school 
students that are at risk of dropping out of school and never 
graduating.  With this group of students, no matter what we do, they are 
going to find sites to download the latest malware.  We have even had 
some students tell teachers that they were going to hack into the server 
so they could get to their favorite site that was blocked in the proxy 
or firewall.  So far, none of them have succeeded, and I hope none of 
them ever do, but I stay diligent.  The reason I say this is because I'm 
pretty sure that my situation is somewhat different than most of yours 
in that I have to defend against both external and internal hackers.... 
intentional hackers and not just someone that downloaded something by 
accident.  So far, the systems have been very stable, and as I mentioned 
above, no successful hacks have happened since the SSL flaw was 
repaired.  I'm not saying that there isn't a vulnerability somewhere in 
there, but nothing has been hacked, and my logs show that thousands of 
attempts are made each day (not counting internal attempts, since I 
don't submit internal source IPs to DShield).

Laura Vance
Systems Engineer
