The BBC's Honeypot PC
Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMware, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.
And the moral of the story is. (Score:3, Informative)
Of course, we all knew this already, didn't we? The results weren't surprising to me and I doubt that any of the regular /. crowd would be either. Yes, I mean you.
Yawn... (Score:4, Informative)
Their 'unprotected'=flawed (Score:4, Informative)
I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.
Old news.. (Score:1, Informative)
BBC would have made it more interesting if they tested this in various scenarios -- no updates/firewall, SP2 with no firewall, SP2 with hardware firewall, etc. That way we could see what step(s) really let malware in.
Re:Slammer? Blaster? (Score:3, Informative)
Re:We have a Love connection. (Score:2, Informative)
Re:Well Duh! (Score:5, Informative)
I call BS (Score:3, Informative)
I wished all broadcasting corporations were as 'backwards' as the Beeb.
Re:We have a Love connection. (Score:4, Informative)
So you are simply wrong.
C'mon, I hate MS but this is FUD (Score:3, Informative)
Of COURSE you get plastered with portscans and worms hammering against the "well known" ports. That's normal. Welcome to real life on the 'net. You think it's different for my *nix Machine? It's not. My firewall-log is getting flooded with kids and worms trying to find some unprotected ports, trying to connect to 21, 22, 23, 80 and so on, just to see if there's anything running they could use. The real question is, how many successful attacks did happen? Saying XP is insecure because a billion people hammered at its doors is FUD. When a million of those make it in, though, it's a different matter.
And yes, an unpatched WinXP is insecure. It simply is. Get a router and you're set against 99% of the external problems you may face. But then you still should not use the machine to access anything on the net, because some of the tools you're using (IE and Office being the two key players today) have known (and partly unpatched) security issues that may cause execution of code when you're not really careful and know what you're doing.
In a nutshell, going online with a MS product that's not well firewalled and using anything but alternative software for the access of online resources is grossly negligent IMO.
Re:Well Duh! (Score:1, Informative)
Granted; but Windows XP does include a basic firewall and, post SP2, it is turned on by default.
Re:Indeed, AC (Score:3, Informative)
Even something as basic as NAT through a cheapie router will buy them all the time they need to connect to windows update.
It won't protect them from malicious connections once infected but because most all routers ignore incoming connection attempts the user is at least protected till patched (assuming the first thing they do is Windows Update, not pr0n surf).
-nB
Re:Well Duh! (Score:2, Informative)
Hasn't this been the case since SP2?
Maybe my copy of Windows has been "enhanced" in this regard, but when I reinstall the firewall is installed and on.
Re:Well Duh! (Score:2, Informative)
Re:How vulnerable Windows XP really is? (Score:2, Informative)
The biggest problem here is that home users with OEM versions of XP that predate SP2 can run into trouble when they have to reinstall (not as frequent with XP as it was with Win9x but it does still happen from time to time). The most obvious solution is an external firewall.
Re:And? (Score:3, Informative)
It's not showing how weak an unpatched XP machine is, they're instead logging the attacks that are still happening on the Internet daily, and then showing the frequency of them. For instance, they logged 11 attempts in 7 hours from the Blaster worm. If, as some people are suggesting, they were just placing an unpatched machine on the Internet, the machine would have restarted from the very first Blaster attack.
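The kind of tally the article reports (hits per worm-associated port, port scans, and the longest quiet interval between attempts) can be reproduced from a firewall drop log. This is an added example, not code from the BBC or from any commenter; the log format, the port-to-label mapping and the sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Heuristic mapping (an assumption of this example): a hit on TCP 135 is
# consistent with Blaster but does not prove it was Blaster.
LABELS = {("TCP", 135): "rpc-dcom (Blaster target)",
          ("UDP", 1434): "sql-resolution (Slammer target)",
          ("UDP", 1026): "messenger-popup",
          ("UDP", 1027): "messenger-popup",
          ("TCP", 80): "http (IIS probes)"}
SCAN_THRESHOLD = 4  # distinct ports from one source before it counts as a scan

# Constructed sample log using documentation-range addresses.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2006-10-01 09:00:05 DROP TCP 203.0.113.7 192.0.2.10 4312 135
2006-10-01 09:03:40 DROP UDP 198.51.100.22 192.0.2.10 31337 1026
2006-10-01 09:11:02 DROP UDP 198.51.100.90 192.0.2.10 1045 1434
2006-10-01 09:11:30 DROP TCP 203.0.113.50 192.0.2.10 2001 21
2006-10-01 09:11:30 DROP TCP 203.0.113.50 192.0.2.10 2002 22
2006-10-01 09:11:31 DROP TCP 203.0.113.50 192.0.2.10 2003 23
2006-10-01 09:11:31 DROP TCP 203.0.113.50 192.0.2.10 2004 80
2006-10-01 09:25:31 DROP TCP 203.0.113.9 192.0.2.10 4400 135
2006-10-01 09:26:00 ALLOW UDP 192.0.2.10 192.0.2.1 1030 53
"""

def parse(log):
    """Yield (time, proto, src, dst_port) for each DROP entry."""
    for line in log.splitlines():
        f = line.split()
        if len(f) != 8 or f[2] != "DROP":
            continue  # header, comment or permitted traffic
        yield datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S"), f[3], f[4], int(f[7])

def summarise(log):
    """Return (counts per label, longest quiet gap in minutes)."""
    events = sorted(parse(log))
    ports = defaultdict(set)
    for _, _, src, dport in events:
        ports[src].add(dport)
    scanners = {s for s, p in ports.items() if len(p) >= SCAN_THRESHOLD}
    counts = Counter({"port-scan": len(scanners)})
    for _, proto, src, dport in events:
        if src not in scanners:  # a scanner's probes count once, as a scan
            counts[LABELS.get((proto, dport), "other")] += 1
    times = [e[0] for e in events]
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return dict(counts), max(gaps, default=0.0)

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Every entry counted here is a blocked attempt, so the output measures background noise on the link, not compromises of the host.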
Re:do Linksys Routers/Firewalls help? (Score:3, Informative)
A lot of Windows machines get zombied pretty fast these days, by fascinating web security vulnerability hacks when the owners go web browsing even for legitimate materials and the hacks are installed on "owned" servers. These zombies then open up a port to designated controller machines on the outside for control by remote entities such as spammers using the machines to send the spam from unblocked networks. It's a serious issue that won't be shown by this kind of passive honeypot.
Nice Fearmongering (Score:3, Informative)
Dude, it's 2003, they want their security holes back.
I'm not going to mince words: This story is BS. Let's take the money quote here:
Really? Once an hour, something that'll remotely own XPSP2, just being leaked out over the Internet?
OK, Windows Messenger service is disabled in XPSP2...Blaster hasn't worked in years, Slammer never even hit XP Home by default (you had to install Visio), IIS isn't even available for XP Home, and port scans aren't too relevant when you have a firewall on by default.
What a completely worthless story. You know, we have enough actual security problems going on (the glacier of cross site scripting exploits, what's going on in the online banking realm) that whinging about long solved problems is not only irresponsible; it's dangerous.
Re:Well Duh! (Score:3, Informative)
Re:Duh (Score:2, Informative)
Re:do Linksys Routers/Firewalls help? (Score:3, Informative)
Re:Doesn't Ubuntu have ssh? (Score:2, Informative)
A stock Ubuntu install will broadcast DHCP and listen for the reply, and it will send DNS requests and listen for the result.
There's a bit of a dispute at the moment about having mDNS open (aka zeroconf) because in theory it should be even safer than listening to DHCP. But the 'no open ports' people won't allow it. mDNS can't tell you who to trust as a gateway or DNS server, where DHCP will.