[LINK] More IIS Horror Stories

Gordon Keith gordon.keith@marine.csiro.au
Mon, 5 Nov 2001 11:10:52 +1100


On Sun, 4 Nov 2001 22:51, Malcolm Miles wrote:
> On Sun, 4 Nov 2001 17:55:21 +1100, you wrote:
> >To see for ourselves how long a default installation of IIS would
> > last in the wild, 

> So they connected an operating system with a known vulnerability to
> the Internet where packets exploiting the vulnerability are running
> rampant and the server got infected. Well surprise, surprise. Exactly
> what was this outstanding bit of research meant to tell us?

How long it takes. 
The answer - 15 minutes.

On a sample size of 1.

Conclusion - you cannot use an unpatched system to get the patches - 
it will be broken before the patches are downloaded.

I actually find this mildly useful information. My machine at home 
isn't well patched (default SuSE 7.1 installation), but I only connect 
for fairly short periods of time, usually less than 15 minutes. So I 
haven't worried much about security.

Should I be more worried about security? This study makes it look like 
I should be thinking about it.

Regards
Gordon