[rescue] roadrunner

Sheldon T. Hall shel at cmhcsys.com
Tue Mar 18 16:37:44 CST 2003


Joshua D. Boyd wrote ...
> On Tue, Mar 18, 2003 at 04:35:41PM -0500, Sheldon T. Hall wrote:
>
> > Given the number of port-scan and crack attempts we saw, I
> > wasn't about to plug in anything remotely useful to the
> > haxors.  A stripped-down NT box is pretty useless, even if
> > they crack it.  They can knock it over, but they can't use
> > it for much.
>
> Not if they can get their own executables installed on it.  Then a
> cracked NT box can be quite harmful to the net at large.

You are, of course, quite correct.

The box in question was as stripped as we knew how to make it, and, more
importantly, as secure.  No open ports.  No 'net-side services.  Lots of
logging, and we checked the logs.  Fanatical attention to MS service packs,
hotfixes, and whatnot.  I'm pretty serious about that sort of stuff, though
I might not sound like it.  We got probed almost daily from IP addresses all
over the world, but no one ever got in.

My current setup (a Farallon Netopia ISDN router) has rather limited logging
compared to what we had then, so it's hard to tell whether we're getting
probed as much.  I see a few SNMP (baby!) attempts from time to time, but
nothing like the constant crap we got on RR.  My ISP is a lot hipper than
RR, though, and may be choking a lot of that stuff off at the border.

But, you're right about NT.  Unsecured, it's as bad as anything else, maybe
worse.

-Shel

