[luau] New Linux Worm Threatens Serious Denial Of Service Attacks Sept. 16, 2002
Jon Reynolds
jonr at destar.net
Tue Sep 17 20:18:01 PDT 2002
Warren, after reading this post I was wondering how bad it is to just
install everything during the initial install of my OS RH7.3? If you saw
my last post to the list I can't even figure out how to get sound to
work on my laptop. Whenever I try to just install what I think I need,
then try and add an application like star office, there are so many
dependencies that I can never get them all installed correctly. So I
just do a full install, which is a waste of space and resources. Oh
well, as I asked earlier how bad is a full install?
Jon
On Tue, 2002-09-17 at 22:07, Warren Togami wrote:
> This particular Linux worm, and the worms Code Red & Nimda that
> destroyed many Windows servers were only successful because so many
> people NEVER apply updates. Patches for OpenSSL (in this case) or IIS
> (for Nimda and Code Red) were out for months by the time the worm began
> to spread.
>
> You would be surprised how many people on this list don't apply updates,
> or are even aware of the automating updating tools in their Red Hat or
> Mandrake installation. Even more surprising is how often I get into
> arguments with people that refuse to update their systems. They usually
> have reasons along the lines of, "My system isn't important. Why would
> anyone want to crack me?"
>
> This type of thinking is wrong, because systems that are "not important"
> are usually also poorly maintained and poorly monitored. This means
> that crackers want to hijack your box in order to use as a relay from
> which they can attack other targets almost without being traced. If
> your system is poorly monitored and maintained, they are likely to be
> able to use your system as an attack relay for a longer period of time.
> Other crackers may host warez downloads or steal personal data from your
> computer... both of which will cause problems for you.
>
> These people think, "It wont happen to me." but it sure will if they
> don't apply updates.
>
> These people think applying updates is too hard. Well, it isn't!
> Almost every Linux distribution now has some type of automated updating
> tool, most of which are as easy as point & click. Here's a list of
> several:
>
> Red Hat up2date
> Mandrake rpmdrake or urpmi
> SuSE YAST2
> Debian apt-get
> Conectiva apt-rpm
> Gentoo emerge
>
> Spend a small amount of effort now and figure out how these automated
> updating tools work. Much better than spending much effort later after
> your box gets cracked, data destroyed, your bandwidth wasted and
> personal information stolen.
>
> If you would like more information about how to use automated updating
> tools in any specific distribution, please ask and someone will
> elaborate.
>
> Warren Togami
> warren at togami.com
>
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
More information about the LUAU
mailing list