For all intents and purposes, win2k and XP are considered NT.  Just as
95/98/98se/millenium are all 9x.  It is a little easier than referring to 7
different product lines :)

And here is a link for that honeynet project.  I agree, very interesting
stuff.

http://project.honeynet.org/

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Jim Franz" <franz400@triad.rr.com>
To: <midrange-l@midrange.com>
Sent: Monday, December 31, 2001 10:44 PM
Subject: Re: Is IIS worth the risk?


> It doesn't take a reasonable excuse for a large part of the hacker
community
> to target IIS. (btw-IIS is not just NT, but also W2K & XP). The Gartner
> warning which
> started this about IIS clearly stated that for whatever reason, MS & IIS
> will
> continue to be a target. They also stated that IIS will continue to be
> vulnerable
> until MS rewrites it from scratch. Till then the patches will continue.
That
> makes
> the cost of using/maintaining IIS very high. Why hackers do it is
> irrelevant.
> IIS is now a target of favor. If using IIS, make a business decision as to
> what to do.
>
> If you want to know more about the "why" and "how", read 'Know your
Enemy -
> the
> Honeynet Project' about a group tracking both Win & unix hackers.
> imho
> jim franz
>
> ----- Original Message -----
> From: "Adam Lang" <aalang@rutgersinsurance.com>
> To: <midrange-l@midrange.com>
> Sent: Monday, December 31, 2001 1:43 PM
> Subject: Re: Is IIS worth the risk?
>
>
> > I know, but the article was geared towards IIS and not email viruses, so
> the
> > desktop user base is a bit irrelevant.  How much of the Windows user
base
> is
> > actually NT?  And then how many actually have IIS running?
> >
> > Server insecurity being blamed on the number of users making it a
juicier
> > target is a cop out.  Not a justified excuse.
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company
> > http://www.rutgersinsurance.com
> > ----- Original Message -----
> > From: "Jim Franz" <franz400@triad.rr.com>
> > To: <midrange-l@midrange.com>
> > Sent: Monday, December 31, 2001 12:57 PM
> > Subject: Re: Is IIS worth the risk?
> >
> >
> > > I think the article's description of "gigantic install base" refers to
> the
> > > desktops,
> > > not the servers. Email virus generally attack desktop Outlook &
Outlook
> > > Express
> > > (because it's easy and causes great "panic"). Behind the 26% IIS
servers
> > on
> > > the
> > > net are an incredible amount of desktops. Someone could theoretically
> > > interfere
> > > with the 5250 data stream, but who would notice?
> > > imho
> > > jim franz
> > >
> > > ----- Original Message -----
> > > From: "Adam Lang" <aalang@rutgersinsurance.com>
> > > To: <midrange-l@midrange.com>
> > > Sent: Monday, December 31, 2001 11:31 AM
> > > Subject: Re: Is IIS worth the risk?
> > >
> > >
> > > > Quote from article:
> > > >
> > > > "Worms, site defacements, and DDoS (distributed denial of service)
> > attacks
> > > > strike non-Microsoft servers daily. Microsoft simply makes a juicier
> > > target,
> > > > mostly by virtue of its gigantic installed base, than any of its
> > > > competitors."
> > > >
> > > > Which is a load of crap.  This justifies email viruses.  Apache owns
> 60%
> > > of
> > > > the webserver market.  IIS about 20 to 25%.
> > > >
> > > > Adam Lang
> > > > Systems Engineer
> > > > Rutgers Casualty Insurance Company
> > > > http://www.rutgersinsurance.com
> > > > ----- Original Message -----
> > > > From: <jpcarr@tredegar.com>
> > > > To: <midrange-l@midrange.com>
> > > > Sent: Monday, December 31, 2001 11:09 AM
> > > > Subject: Is IIS worth the risk?
> > > >
> > > >
> > > > >
> > > > > Neat article.
> > > > >
> > > > > http://www.infoworld.com/articles/tc/xml/01/12/24/011224tcpcp.xml
> > > > >
> > > > > Maybe should write to the writers and name some server that may
not
> > have
> > > > > had any publicity about being the target of viruses.
> > > > >
> > > > > John
> > >
> > >
> > >
> > > _______________________________________________
> > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> > list
> > > To post a message email: MIDRANGE-L@midrange.com
> > > To subscribe, unsubscribe, or change list options,
> > > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > > or email: MIDRANGE-L-request@midrange.com
> > > Before posting, please take a moment to review the archives
> > > at http://archive.midrange.com/midrange-l.
> > >
> > >
> >
> >
> >
> > _______________________________________________
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> > To post a message email: MIDRANGE-L@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > or email: MIDRANGE-L-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.
> >
> >
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>





As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.