Steffen Dettmer wrote:
And I'm sure: an experienced attacker/intruder gets such information quickly, since he/she spent a lot of time searching for such things. They might attack if they find a security update somewhere. They have some time to test for vulnerabilities. And if the exploit becomes public, then they can try it on machines, since the admin cannot update just in time.
Consider all those scans that you can find in your logs. Are those attackers capable of keeping track of the combinations of IP addresses, services and versions in a database? Would they be capable, as soon as a vulnerability is known to them, of searching their database for IP addresses with that particular version of that service?

I'm afraid a system administrator has to be informed on vulnerabilities as soon as they show up. In the worst case he might consider shutting down the service. But as long as he's not informed he doesn't know that he has a problem and his systems will be open for an attack. That's not what I prefer.

Regards,
Fred Mobach