Are Linux boxes vulnerable to be used by botnets?

Mike Bydalek mbydalek at compunetconsulting.com
Mon Mar 17 08:37:36 MST 2008


Jon M. Hanson wrote:
> Josef Lowder wrote:
>> .
>> Are Linux boxes vulnerable to be used by botnets?
>>
>> This article in USA Today is frightening.
>>
>> http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm 
>>
>>  
> Probably at least once a day my Linux box that I have co-located is 
> probed for a weak password /account through SSH. I'm not sure what 
> they would do to the system if they got in and I'm not going to find 
> out. When I see an SSH probe happen I track down who owns the IP and 
> report it. I also nmap the IP to see what services are running on the 
> system.
That seems like too much work =P  Most of the probes, ssh attacks, etc. 
that I see are from foreign countries and I really don't see much 
benefit in reporting them.  What I do on all my servers is use 2 little 
tools to help stop these automated attacks: DenyHosts 
(http://denyhosts.sourceforge.net/) and PortSentry 
(http://sourceforge.net/projects/sentrytools/)  With these 2, a high 
number (I would say 99% but then I have no proof to back it up) of 
attacks are immediately stopped in their tracks.  If someone is doing a 
port scan on your entire server, do you *really* think they're doing it 
for a good reason?

-Mike


More information about the PLUG-discuss mailing list