[Tfug] Uptime

Zack Williams zdwzdw at gmail.com
Thu Apr 16 09:03:00 MST 2009


> It's really *-nice-* that the box is still up and running after 5 years, but
> OpenBSD 3.4 is vastly out of date.  I wouldn't be at all surprised if there
> were exploits that are available to attack that box (even though it's running
> OpenBSD).

In this case, the box is only doing NAT for a single windows 2000
computer running a proprietary video switching system, which is
accessed via VNC.   Its pretty much only running SSH, with most of the
bells and whistles turned off (v2 only, no scp, no root login, etc.),
and the accounts on the machine don't even get shell access - all they
can do is port forward the VNC port to that windows computer.

Most of OpenBSD's errata have to do with userland issues, which aren't
an issue as nobody uses the system in that manner.  The only point of
exposure is OpenSSH, which has a very good security history:

http://openssh.org/security.html

And if there was a major security hole found in OpenSSH, we'd have a
lot larger mess on our hands than some P2-350 box sitting in a closet
getting taken over.

In general I'm with you on the upgrading to patch security holes.

- Zack




More information about the tfug mailing list