Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Worms versus Bots

  • From: Paul Jakma
  • Date: Wed May 05 05:22:45 2004

On Tue, 4 May 2004, chuck goolsbee wrote:

> So maybe they WOULD be better with a "WebTV" model.
> 
> Or a Macintosh.

or a cheap Lidl or WalMart PC with Fedora 1 on it. Epiphany,
Evolution and OpenOffice would keep the vast majority of the basic
computer users happy. Distributions like Fedora[0] are pretty much
invulnerable to mass, automated worm infections[1].

Automated worms would literally be a thing of the past if everyone
switched to Fedora, RHEL or if the current dominant OS vendor adopted
similar measures (apparently they will be). Judging by the amount of
packets (couple per s) I get in to common vulnerability ports, there 
are a lot of worm infected machines out there:

# iptables -L scans -v | awk '
    BEGIN { printf ("\n%5s  %6s  %4s  %20s\n", "pkts", "bytes", "prot", "dest port"); }
    # $11 is the "dpt:<port>" match; strip the prefix and keep running totals
    NR > 2 && $1 ~ /^[0-9]/ {
        sub (/^dpt:/, "", $11); pkts += $1; bytes += $2;
        printf ("%5d  %6d  %4s  %20s\n", $1, $2, $4, $11);
    }
    END { printf ("-----  ------\n%5d  %6d\n", pkts, bytes); }'

 pkts   bytes  prot             dest port
 1721   82856   tcp          microsoft-ds
  874   42008   tcp                   135
  455   21944   tcp           netbios-ssn
  322   15456   tcp                  3127
   36    1788   tcp              ms-sql-s
  661   31776   tcp                  2745
  309   14832   tcp                  6129
   82    3960   tcp                  swat
  427   20556   tcp                  1025
  263   20514   udp            netbios-ns
   36   14544   udp              ms-sql-m
-----  ------
 5186  270234

That's maybe an hour's worth or less of counting too. And what uses
TCP ports 1327 and 2745?

0. http://people.redhat.com/drepper/nonselsec.pdf [2]

1. Though not to trojans which attack human vulnerabilities
obviously, or non-buffer-overflow attacks, e.g. scripting language
vulnerabilities, though these are rare.

2. Obviously, the 2 main mechanisms described in the paper originate
elsewhere in concept, but Fedora is probably the first OS of
sufficient use to a basic computer user to put it all together.

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Fortune:
QOTD:
	Money isn't everything, but at least it keeps the kids in touch.
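
An added example, not part of the original post: the same per-port counter summary as a shell function that also expands the abbreviated counters (such as `120K`) that `iptables -v` prints for large values unless `-x` is given, and ranks ports by packet share. The function names and the sample listing are constructed for illustration.

```shell
# summarize_scans: read `iptables -L <chain> -v` output on stdin and print
# "packets proto/port share%" per destination port, busiest first.
summarize_scans() {
    awk '
    # Expand abbreviated counters: iptables -v prints e.g. 120K or 3M
    # (decimal multipliers) for large counters; -x would print exact values.
    function expand(v,    n, s) {
        n = v + 0; s = substr(v, length(v))
        if (s == "K") n *= 1000
        else if (s == "M") n *= 1000000
        else if (s == "G") n *= 1000000000
        return n
    }
    NR > 2 && $1 ~ /^[0-9]/ {
        port = ""
        for (i = 10; i <= NF; i++)       # find the dpt: match wherever it sits
            if ($i ~ /^dpt:/) { port = substr($i, 5); break }
        if (port == "") next             # rule without a destination port
        key = $4 "/" port
        pkts[key] += expand($1); total += expand($1)
    }
    END {
        for (k in pkts)
            printf "%d %s %.1f%%\n", pkts[k], k, total ? 100 * pkts[k] / total : 0
    }' | sort -rn
}

# Constructed sample listing (not real counters from the post).
sample_listing() {
cat <<'EOF'
Chain scans (3 references)
 pkts bytes target     prot opt in     out     source               destination
 1721 82856 DROP       tcp  --  any    any     anywhere             anywhere            tcp dpt:microsoft-ds
 120K 5760K DROP       tcp  --  any    any     anywhere             anywhere            tcp dpt:135
   36 14544 DROP       udp  --  any    any     anywhere             anywhere            udp dpt:ms-sql-m
    0     0 LOG        all  --  any    any     anywhere             anywhere            LOG level warning
EOF
}

sample_listing | summarize_scans
```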



