Wulf Losee writes:
> Answer: I am not aware of any breakins; however, I think you have to ask
> yourself the question: "how -- through what mechanism -- would a breakin
> be accomplished?" PCs running multitasking OSs that offer TCP/IP-based
> services (rlogin, telnet, and ftp) are vulnerable from the Internet (without
> proper firewalls or router filters). So...
>
> Correct me if I'm wrong (please!), but since DOS and regular Windows (both
> Windows 3.x and and Windows for Warehouses) are not multitasking,
> multithreading operating systems it would be impossible to subvert these
> systems unless the cracker were dialing in through a modem or actually
> sitting at the PC's console.
>
Well, yeah, they're (potentially) vulnerable. Example: NCSA Telnet
and Clarkson University's modified/enhanced version of same (CUTCP)
are widely used, and the telnet client includes an ftp server. So,
when you're running telnet, you effectively have an ftp server running
as well. Now, if you haven't taken the necessary steps to password
protect access to this server (or have chosen bad passwords), anyone
can ftp into the system and replace, for example, autoexec.bat,
config.sys, whatever. The denial-of-service consequences should be
obvious, but applications can also be replaced with versions which
do all sorts of sneaky things.
And I'm no Windows expert, but Windows and WFW are *effectively*
multitasking, even if they don't fit some precise computer science
definition of the term. You can have multiple applications active
at any given time, and you have potential vulnerabilities through
virtually any network server process (even if that's not what
Microsoft would call it), such as ftp server, X server, etc.
> Windows NT might be a different story. In its base configuration Windows
> NT allows peer-to-peer networking through Microsloth's NetBEUI
> protocol, but NetBEUI services wouldn't be vulnerable from the Internet
> (they *might* be vulnerable from your LAN, however). There are third-
> party packages that allow Windows NT to host rlogin, telnet, or ftp
> sessions. If your firewall isn't properly configured, your Win NT PCs might
> be vulnerable from the Internet -- if you have enabled TCP/IP-based
> services (certainly I can telnet into a Windows NT PC on my network and
> use it as a jumping off point to telnet to yet other hosts).
>
> A. Padgett Peterson brings up a good point, though: PCs running UNIX OSs
> (XENIX, SCO, LINUX, etc.) are just as vulnerable as any other UNIX
> System.
>
> If I have overlooked some key point, PLEASE let me know.
>
> Thanks,
> Wulf
>
Larry Owen email: owen @
noc .
auburn .
edu
Campus Network Administrator phone: (205) 844-4110
Auburn University fax: (205) 844-9390
|
|
