On Tue, 2002-10-01 at 15:47, Michel Arboi wrote:
> Hugo van der Kooij <[EMAIL PROTECTED]> writes:
> > The problem clearly lies with the unprotected machines.
> 
> Definitely. This situation is interesting anyway: that's the first
> time I hear that one can kill a Slowlaris box just by port scanning
> it.

If you want a scarier scenario...  I work for a hospital.  Several of
our radiography machines are front-ended by Slowlaris boxes, which are
installed by their vendor (e.g., General Electric PACS).  Little thought
was given to security; the application binaries live under /usr/local,
which is world-writable by easily guessed FTP credentials.  And we have
to keep the machines open on public IP numbers because the vendor has to
have access to "maintain" the boxes from their site.  So, we just close
the loopholes, right?

No!  The U.S. Food and Drug Administration prohibits anybody from
altering any piece of hardware or software that is used in the medical
treatment of patients; each change has to be submitted to the FDA for
approval.  So if, for instance, a virus were to infect the machine (er,
no pun intended), we couldn't do a darned thing about it, and neither
could the vendor, short of coming in and reinstalling everything.

Kris


-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.