Re: Are Linux boxes vulnerable to be used by botnets?

Author: Anthony Boynes
Date:  
To: Main PLUG discussion list
Subject: Re: Are Linux boxes vulnerable to be used by botnets?
I now strictly use ssh key authentication for my home system, with a
password on the key of course.

One thing about port knocking - I have found in the past that an
extremely fast port scanner, such as scanrand, can hit all the ports
fast enough to get me to an ssh prompt on a machine using it. I don't
recall the exact timing sequence, but it was at least 3 ports which
needed to be hit in a certain order. I found that quite interesting
when I discovered it.



On Mon, Mar 17, 2008 at 8:48 AM, Erich Newell <> wrote:
> I recommend Single Packet Authentication or Port Knocking for use in
> conjunction with your SSH service.
>
>
>
>
> On Mon, Mar 17, 2008 at 8:37 AM, Mike Bydalek
> <> wrote:
>
> > Jon M. Hanson wrote:
> > > Josef Lowder wrote:
> > >> .
> > >> Are Linux boxes vulnerable to be used by botnets?
> > >>
> > >> This article in USA Today is frightening.
> > >>
> > >>
> > >> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
> > >>
> > >>
> > > Probably at least once a day my Linux box that I have co-located is
> > > probed for a weak password/account through SSH. I'm not sure what
> > > they would do to the system if they got in and I'm not going to find
> > > out. When I see an SSH probe happen I track down who owns the IP and
> > > report it. I also nmap the IP to see what services are running on the
> > > system.
> > That seems like too much work =P Most of the probes, ssh attacks, etc.
> > that I see are from foreign countries and I really don't see much
> > benefit in reporting them. What I do on all my servers is use 2 little
> > tools to help stop these automated attacks: DenyHosts
> > (http://denyhosts.sourceforge.net/) and PortSentry
> > (http://sourceforge.net/projects/sentrytools/) With these 2, a high
> > number (I would say 99% but then I have no proof to back it up) of
> > attacks are immediately stopped in their tracks. If someone is doing a
> > port scan on your entire server, do you *really* think they're doing it
> > for a good reason?
> >
> > -Mike
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
>
>
> --
> "A man is defined by the questions that he asks; and the way he goes about
> finding the answers to those questions is the way he goes through life."
>
>
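
An added example, not part of the thread and not taken from any knock daemon: a minimal Python model of a knock tracker, showing why one that ignores stray ports can be opened by a fast in-order sweep, while one that resets and locks out on wrong ports is not. The sequence, time window and traffic are constructed sample values, and how the daemon mentioned in the post was configured is not known.

```python
# Added illustration, not code from the thread or from any real knock daemon.
# KNOCK, WINDOW, MAX_MISSES and all packet lists are constructed sample values.
KNOCK = (7000, 8000, 9000)  # hypothetical knock sequence
WINDOW = 5.0                # seconds allowed between first and last knock
MAX_MISSES = 3              # strict mode: wrong ports tolerated before lockout


def knock_opens(packets, strict):
    """Return True if one source's (timestamp, dst_port) packets open the port.

    Lenient mode ignores packets to ports that are not the next expected knock.
    Strict mode resets progress on any wrong port and locks the source out
    after MAX_MISSES wrong ports.
    """
    step, start, misses = 0, None, 0
    for ts, port in packets:
        if start is not None and ts - start > WINDOW:
            step, start = 0, None          # sequence took too long: start over
        if port == KNOCK[step]:
            if step == 0:
                start = ts
            step += 1
            if step == len(KNOCK):
                return True
        elif strict:
            misses += 1
            step, start = 0, None          # any stray port voids the progress
            if misses >= MAX_MISSES:
                return False               # source is locked out
    return False


def sweep(first, last, gap):
    """Constructed traffic: one packet per port, ascending, gap seconds apart."""
    return [(i * gap, p) for i, p in enumerate(range(first, last + 1))]


LEGIT = [(0.0, 7000), (0.4, 8000), (0.8, 9000)]
FAST_SWEEP = sweep(6990, 9010, 0.001)   # reaches 9000 two seconds after 7000
SLOW_SWEEP = sweep(6990, 9010, 0.01)    # needs twenty seconds, over WINDOW

if __name__ == "__main__":
    for name, pkts in (("legit", LEGIT), ("fast", FAST_SWEEP), ("slow", SLOW_SWEEP)):
        print(f"{name:6} lenient={knock_opens(pkts, False)} "
              f"strict={knock_opens(pkts, True)}")
```

The lenient tracker accepts the fast sweep because the knock ports appear in order inside the time window; the strict tracker still accepts the legitimate client and rejects both sweeps.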