Are Linux boxes vulnerable to be used by botnets?
Jon M. Hanson
jon at the-hansons-az.net
Mon Mar 17 06:12:43 MST 2008
Josef Lowder wrote:
> Are Linux boxes vulnerable to be used by botnets?
>
> This article in USA Today is frightening.
>
> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm
Probably at least once a day my Linux box that I have co-located is
probed for a weak password/account through SSH. I'm not sure what they
would do to the system if they got in and I'm not going to find out.
When I see an SSH probe happen I track down who owns the IP and report
it. I also nmap the IP to see what services are running on the system.
Sometimes the attack will be coming from some company's web server
(which also has been compromised) but usually if there is a web server
it will have the default "It works" web page telling me that some
distribution sets up a guest account with no password or an
easily-guessed password. The SSH-probe script will try hundreds of
accounts though.
--
Jon M. Hanson (N7ZVJ)
Homepage: http://the-hansons-az.net
Weblog: http://the-hansons-az.net/wordpress
Jabber IM: jon at the-hansons-az.net
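
An added example, not part of the original message: one way to spot the kind of SSH probe described above is to count how many distinct account names each source address fails to log in as, which separates a script walking an account list from a user mistyping one password. The log lines are constructed samples in OpenSSH's "Failed password" format, and `find_probes` and its `min_accounts` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines for both existing and invalid users.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar 17 05:58:01 host sshd[2101]: Failed password for invalid user guest from 203.0.113.5 port 40112 ssh2
Mar 17 05:58:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Mar 17 05:58:05 host sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar 17 05:58:07 host sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40140 ssh2
Mar 17 06:01:10 host sshd[2150]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 17 06:01:20 host sshd[2152]: Accepted password for alice from 198.51.100.7 port 51004 ssh2
Mar 17 06:02:00 host sshd[2160]: Failed password for alice from 198.51.100.7 port 51010 ssh2
"""


def find_probes(log_text, min_accounts=3):
    """Return {ip: sorted usernames} for sources whose failed logins
    targeted at least min_accounts distinct account names."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("ip")].add(m.group("user"))
    return {
        ip: sorted(users)
        for ip, users in tried.items()
        if len(users) >= min_accounts
    }


if __name__ == "__main__":
    for ip, users in find_probes(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} accounts tried: {', '.join(users)}")
```
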