Josef Lowder wrote:
> .
> Are Linux boxes vulnerable to be used by botnets?
>
> This article in USA Today is frightening.
>
> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
Probably at least once a day my Linux box that I have co-located is
probed for a weak password /account through SSH. I'm not sure what they
would do to the system if they got in and I'm not going to find out.
When I see an SSH probe happen I track down who owns the IP and report
it. I also nmap the IP to see what services are running on the system.
Sometimes the attack will be coming from some company's web server
(which also has been compromised) but usually if there is a web server
it will have the default "It works" web page telling me that some
distribution sets up a guest account with no password or an
easily-guessed password. The SSH-probe script will try hundreds of
accounts though.
--
Jon M. Hanson (N7ZVJ)
Homepage: http://the-hansons-az.net
Weblog: http://the-hansons-az.net/wordpress
Jabber IM: jon@the-hansons-az.net
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)
