Josef Lowder wrote:
> .
> Are Linux boxes vulnerable to be used by botnets?
>
> This article in USA Today is frightening.
>
> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>   
Probably at least once a day my Linux box that I have co-located is 
probed for a weak password /account through SSH. I'm not sure what they 
would do to the system if they got in and I'm not going to find out. 
When I see an SSH probe happen I track down who owns the IP and report 
it. I also nmap the IP to see what services are running on the system. 
Sometimes the attack will be coming from some company's web server 
(which also has been compromised) but usually if there is a web server 
it will have the default "It works" web page telling me that some 
distribution sets up a guest account with no password or an 
easily-guessed password. The SSH-probe script will try hundreds of 
accounts though.


-- 
Jon M. Hanson (N7ZVJ)
Homepage:  http://the-hansons-az.net
Weblog:    http://the-hansons-az.net/wordpress
Jabber IM: jon@the-hansons-az.net