
More Attacks on Linux than Windows

superdk Re:Only attacks that are noticed can be recorded (412 comments)

I work for a CLEC (phone company) that provides T1s data and voice. Most of the time we provide a router and manage it ourselves. You would not believe how many admins/IT departments don't know that their windows boxes have been compromised. Someone says their internet is slow, a ticket comes to my group, we look at the traffic going across the router and sure enough, some box inside the network is scanning subnets on a specific TCP or UDP port.

we've got the webserver worms scanning on port 80...
then there's a nice SQL hack out there that scans on 1433
there's a netbios hack which scans 139
and there are a few other obscure hacks for some other services which aren't used too much

in the last year of doing this job, i saw one guy with a linux box and an old, unpatched version of Bind. his box was scanning on port 53 of course.

why do i see so many windows boxes that are hacked/infected? mainly because most people don't know to use anything else!! beyond that they don't manage the boxes like they should (patches, updates...) and on top of that, they don't know when it's been compromised. poor management and lax security practices cause a BIG part of the problem. the correlation most people make is "windows = poor security" when they should be saying "admin-who-doesn't-understand-anything-but-point-and-click = poor security"

now i'm not a windows advocate, but for crying out loud, if a windows admin keeps up with patches and updates and keeps logs and does all the right stuff, he'll most likely be ok. on the other hand, if a linux admin installs the box and leaves it hanging out on the internet, he's going to have problems.

more than 12 years ago
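
The triage described in the comment above (one inside host contacting many different addresses on a single TCP or UDP port) can be sketched as a check over flow records. This is an added example, not part of the original comment; the record format `src dst proto dport`, the addresses, the inside network and the threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network


def constructed_flows():
    """Constructed sample records (not real traffic): 'src dst proto dport'."""
    # One inside host touching 40 distinct addresses on tcp/1433.
    flows = [f"10.0.0.23 192.0.2.{i} tcp 1433" for i in range(1, 41)]
    # Ordinary web browsing: many flows, but only three distinct servers.
    flows += [f"10.0.0.5 198.51.100.{i} tcp 80" for i in (10, 11, 12)] * 5
    # A resolver talking to two upstream DNS servers over and over.
    flows += [f"10.0.0.2 203.0.113.{i} udp 53" for i in (1, 2)] * 20
    # A malformed record and an inbound flow, both of which must be ignored.
    flows += ["garbage line", "198.51.100.7 10.0.0.5 tcp 80"]
    return flows


def find_scanners(flows, inside="10.0.0.0/24", min_targets=25):
    """Return {(src, proto, dport): distinct_dst_count} for inside hosts
    that reach at least min_targets different addresses on one port."""
    net = ip_network(inside)
    targets = defaultdict(set)
    for line in flows:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, proto, dport = parts
        try:
            if ip_address(src) not in net:
                continue  # only hosts behind the managed router matter here
            ip_address(dst)  # validate the destination address
            port = int(dport)
        except ValueError:
            continue
        # Count distinct destinations, not flows: a busy client that keeps
        # returning to the same few servers is not fanning out.
        targets[(src, proto.lower(), port)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}


if __name__ == "__main__":
    for (src, proto, port), n in sorted(find_scanners(constructed_flows()).items()):
        print(f"{src} reached {n} distinct hosts on {proto}/{port}")
```

The threshold has to be tuned per site: legitimate resolvers, mail relays and monitoring hosts can also reach many peers on one port and usually need an allowlist.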
