On Mon, Mar 17, 2008 at 09:57:05AM -0600, Josef Lowder wrote: > . > On Mon, 17 Mar 2008 08:37, Mike Bydalek wrote > > Jon M. Hanson wrote: > > > Josef Lowder wrote: > > >> Are Linux boxes vulnerable to be used by botnets? > > >> > > > Probably at least once a day my Linux box that I have co-located is > > > probed for a weak password /account through SSH. > > [snipped] > > > That seems like too much work =P Most of the probes, ssh attacks, > > etc. that I see are from foreign countries and I really don't see > > much benefit in reporting them. What I do on all my servers is use > > 2 little tools to help stop these automated attacks: DenyHosts > > (http://denyhosts.sourceforge.net/) and PortSentry > > (http://sourceforge.net/projects/sentrytools/) > > [snipped] > > This is all very interesting ... and confusing for my simple mind. > > It sounds like most of the replies to my question pertain to > boxes that are used as "servers" and not just "regular users." > Or are we all "servers"? > > Hans wrote: "... someone could take advantage of it to deliver > a payload that would turn GNU/Linux boxen into trojans." > > How can I determine if one of my computers has had something > like this done? > > Erich Newell wrote: "You will simple be 'pwnt' ..." > > What does that mean? > > John Hanson wrote: "at least once a day my Linux box ... > is probed for a weak password /account through SSH." > > How can I determine if one of my systems has been "probed"? > > Mike Bydalek wrote: "... all my servers is use 2 little tools > to help stop these automated attacks: DenyHosts" > > Is that something most Linux user should add to their system? > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss In the SSH case I just watch my system logs. Suddenly there will be a ton of attempts to logon to accounts on my system (most of which don't exist). The automated attempts don't bother me. They're just wasting their time since I either use public key authentication or a very strong password. I've also seen a similar thing happen on the POP3 port. --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss