I myself am wondering if you can really call this a "compromised system". it would seem to me that leaving it open on any sort of network with full read/write for FTP would just be a system that s being used. IMHO to compromise the system they would have had to do a little more than ftp blank.whatever.com to get in.
Gavin S. -----Original Message----- From: Anders Reed Mohn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 9:04 AM To: [EMAIL PROTECTED] Subject: RE: Compromised Server Project >I keep reading how quickly unsecured servers on high speed connections >can be compromised. Is it really as bad as they keep saying? Just how >long could a server (IIS 6 on Windows 2003 Server RC2) remain safe when >just sitting quietly and not offering an Internet presence? That's a question with a pretty random answer, isn't it? But of course, there are loads of factors that come into play. To mention some: - Amount of software installed on the box - Size of providers network (some worms prefer visiting neighbours) - As someone else said: how well known is the ISP? - Which worms are on the loose at the moment? etc, etc, etc..... I've tried this a few times myself, and have seen everything from a couple of seconds to several hours. Also, your box being as "boring" as it is, I'd guess skilled hackers would spot that, and not give a **** (or smell a rat) leaving it for the script kiddies, who probably neither know how to get in properly, nor care to mount specific attacks at single targets. My guess, anyway :) Cheers, Anders :)
