Story: Linux servers 'attacked more often'
Continued...
ATTACKERS EXECUTING COMMANDS FROM THOUSANDS OF INFECTED SYSTEMS
Once a system is compromised, an attacker can install malicious code known as a bot that allows the attacker to use the system for future scanning or as a launching point for future attacks (such as planned, distributed denial-of-service attacks). Once a system has become infected, the attacker can maintain a running list of the entire botnet (network of infected systems) by simply issuing commands through Internet Relay Channel (IRC is a common communication channel used by bots). Afterwards, all listening bots (sometimes numbering in the thousands) will execute any command issued by the attacker. Symantec examined an automated tool like this, which accounted for supposable Nimda (blended threat) traffic, after it was captured in a Honeypot network [3].
CONCLUSION
The evidence in this report clearly shows that the risk of blended threats and attacks is rising. Understanding how to budget for security and what products and services are needed will involve some of the most important decisions that every corporation faces in the 21st century. The trends that we discuss in this report help executives understand some of the threats faced by their systems administrators every day. Symantec carefully monitors other potential threats such as the rise in peer-to-peer attacks (including instant messaging), mass mailers (like SoBig), the general trend toward theft of confidential information, and the rapid increase in the number of Windows 32 (Win32) threats.
UNQUOTE
Concerning the rest of the Mi2g study...
How was this data taken? What was the sampling method? What was considered an attack?
In other words, how far into the OS did the attacks go? For Linux, a relevant question is "did the attack just breach a user's account, or did it penetrate to the root?". Did the attacker just replace the webpage?
Lastly, were the vulnerabilities exploited an inherent part of the OS and Webserver or an add-on such as PHP-Nuke?
Read "A Grain of Salt: dealing with Operating Systems security debate"
http://www.thinkmagazine2.org/versione_layer/security.html


