Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Worm bait?



On Wed, Aug 20, 2003 at 11:32:01AM -0400, Jerry Feldman wrote:
> On Wed, 20 Aug 2003 11:23:35 -0400
> Derek Martin <invalid at pizzashack.org> wrote:
> 
> > This theory does nothing to explain why IIS is the most attacked web
> > server.  It is NOT the most widely installed web server.  I conclude
> > that there is something else at work here.
>
> That theory was only for email clients. 

Why are other commonly exploited programs any different?  There may be
specific examples with very good reasons (I'll give one momentarily),
but in general I don't see how other programs are different.  Using
your logic, one would expect Apache, not IIS, would be the most
attacked web server.

> Web servers (and servers in general) are totally different animals. IIS
> has many security flaws, and is often run on personal Windows machines.

Apache is more widely installed, and is generally a part of the
default install of most Linux distributions, and possibly other Free
Unixes, I don't know.  I think your logic falls down.  People don't
attack Apache as often because a) it isn't crap, and b) it has no
large crowd of haters.  This despite its code is open for all the
world (and its attackers) to see, and find flaws, whereas Microsoft's
code isn't.  People actually have to work at finding holes in IIS.
And they do.

> BIND is also a frequent target of attack. 

While this is true, I think the case here really IS different -- very
different.  BIND is a program that has been a historic target, before
the popularity of Windows.  In a very real way, DNS is a critical part
of the security of any network, and the vast majority of DNS servers
run BIND.  Because of that, it is a natural target for anyone who
wants to do some REAL hacking/cracking.  For all these reasons, it has
a certain following...  And even though it has been attacked
frequently, in recent times I think you'll find it is attacked 
less frequently (in some cases far less) than any one of IIS, Outlook,
SQL Server, Exchange, etc.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20030820/159fbb94/attachment.sig>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org