VanLUG Email Archive


VanLUG Mailing List
Re: Linux security - Ramen worm!


Rob Bos (rbos@wizard.ca)
Thu, 18 Jan 2001 11:18:04 -0800


On Thu, Jan 18, 2001 at 10:15:59AM -0800, Yakov N Miles wrote:
> Andrew Daviel wrote:
> >
> > Now we (Linux users) can stop looking so smug!

Indeed, well put. It's really, in hindsight, quite inevitable - I remember
writing an article for linux.com at one point as to how bloody likely it was
that someone was going to write a worm for Linux - the circumstances are
perfect. There are a large number of deprecated systems - I know of several
people who are even running 2.0 kernels on production machines, for instance -
with known security holes, vulnerable to known DoS attacks, and so on, all over
the world. It's only going to get worse from here as worms get more advanced
and capable of exploiting more and more security holes. In fact, I can think
of a few ways in which such a program could be written and made capable of
doing so much more than that relatively primitive attempt - having "modules"
for any given security hole, for instance, would turn a problem into a
nightmare.

The positive is that it will weed out old Linux systems and force people to pay
attention to the REAL problem, and that is competent system administration, a
problem that would crop up regardless of the platform you choose to run on.

Of course, a large quantity of potential security holes can be stopped simply
by running a firewall. I am, in my somewhat biased opinion as part of the
development team, rather taken with the LinuxMagic firewall/VPN disk. But get
a firewall, _any_ firewall - it really helps for peace of mind.

The existence of Internet worms might end up being quite beneficial to Linux at
large, however (I am an eternal optimist) - by weeding out deprecated and
obsolete Linux installations, it can and will drag people, occasionally kicking
and screaming, into new technologies and new security enhancements, such as
IPSEC, which will be to everyone's mutual benefit - providing attrition on the
low end, like wolves attacking a pack of buffalo, will eliminate the sick, the
weak, and the incompetent.

But that's a pretty callous view of things. I more than anyone would like to
see scriptkiddies of the "Oh, k-r4d, 3y3 c4n br34|< Yahoo!" variety get what's
coming to them in the form, perhaps, of a swift cane to the backside - but
that's not entirely a solution, only a workaround. Solutions come in the form
of actual improvements to Internet security, and projects like FreeS/WAN and so
on are the real long-term solution, not laws and such. So if things like the
Ramen Worm make this happen faster, I'm actually ambivalent toward it. At
least, until my systems get hit by it. :)

> > We have just had a machine hit by the Ramen Worm, which targets
> > RedHat 6.2 and 7.0 systems.

*wince* again. More accurately, it attacks the wu-ftpd and rpc.statd
combination, and those are not necessarily Red Hat. Disabling either or both
of those services should work around it. proftpd is a good FTP server, I think.

-- 
Rob Bos - System Administration
Wizard Internet Services - http://www.wizard.ca http://linuxmagic.com
Unix Administration, Website Hosting
Network Services, Programming
--------------------------------------------
(604) 589-0037 Beautiful British Columbia, Canada
--------------------------------------------
Any and all opinions expressed herein are not necessarily
the opinions of Wizard Internet Services.



This archive was generated by hypermail 2.0b3 on Tue 03 Jul 2001 - 18:31:58