Old 11-05-2005, 18:08   #1
Richard M
cf.mega poster
 
Join Date: Jun 2003
Age: 29
Posts: 6,273
The Experiment™

One week, one unpatched XP box
Summary

I freed up a Linux box this week and I had an interesting idea.
In these days of the wild internet, I wondered what would happen to an unpatched Windows XP computer.

Well, I'm going to get a good chance to find out as this weekend is the start of The Experiment™ - place an unpatched, unprotected Windows XP Pro computer on the internet and watch the results.
I happen to have several spare XP Pro disks, and the one I'm going to be using is the very first edition - no service packs here folks.

Machine Spec

The computer used is nothing particularly special, but is ideal because it's exactly the sort that your mum or dad will be using to check their mail and sell stuff on eBay.
  • AMD Athlon 1800+
  • 512MB PC133 SDRAM
  • 80GB IDE hard disk
  • NVidia GeForce 4 MX440
  • Soundblaster Live 5.1 soundcard
  • Standard 10/100 ethernet card

As previously stated, it will be Windows XP Pro running a default installation.
The only exceptions are detailed below.

Software & Firewall Configuration

There are several important changes that will be made to the OS:
  • Enabling of "Remote Desktop" - this will let me check the computer from work and lets me log in from any computer at home.
  • TCP/IP - static IP addressing will be used and the computer will be placed in a DMZ to protect the part of the network I want to keep secure.
  • The reserved ports 1-1024 will be opened on the firewall and configured to port-forward to the new machine.

Schedule

So when will this happen, and how?

I'll format the disk (currently running Linux) then install Windows XP on Saturday at around 12PM (UK time).
The configuration mentioned in the previous chapter will then take place, then the ethernet cable will be connected to the switch.

The test will run for one week, unless something really interesting happens that forces me to cut the test short or extend it.

Expectations & Possibilities

I'm expecting the box to be "0wned" within an hour, possibly less.
Depending on what happens, I might do some random browsing on a default Internet Explorer - sites that your kids might visit for example, all those flashing banner ads giving away free smiley icons etc.

I'm also expecting to be hit hard by the Blaster worm; this can cause the machine to reboot constantly, which will make the test a bit difficult.
If this turns out to be the case, I'll have to stop the RPC service, although it'll be interesting to see how long it takes to get infected.

SANS has a top 10 Windows threats list available.

Comments

Please post your comments in the below forum thread