Are Linux boxes vulnerable to be used by botnets?

Josef Lowder joe at actionline.com
Mon Mar 17 08:57:05 MST 2008


.
On Mon, 17 Mar 2008 08:37, Mike Bydalek wrote
> Jon M. Hanson wrote:
> > Josef Lowder wrote:
> >> Are Linux boxes vulnerable to be used by botnets?
> >>  
> > Probably at least once a day my Linux box that I have co-located is 
> > probed for a weak password /account through SSH. 

[snipped]

> That seems like too much work =P  Most of the probes, ssh attacks, 
> etc. that I see are from foreign countries and I really don't see 
> much benefit in reporting them.  What I do on all my servers is use 
> 2 little tools to help stop these automated attacks: DenyHosts 
> (http://denyhosts.sourceforge.net/) and PortSentry 
> (http://sourceforge.net/projects/sentrytools/)

[snipped]

This is all very interesting ... and confusing for my simple mind. 

It sounds like most of the replies to my question pertain to 
boxes that are used as "servers" and not just "regular users." 
Or are we all "servers"? 

Hans wrote: "... someone could take advantage of it to deliver
a payload that would turn GNU/Linux boxen into trojans."

How can I determine if one of my computers has had something 
like this done? 

Erich Newell wrote: "You will simple be 'pwnt' ..."

What does that mean? 

John Hanson wrote: "at least once a day my Linux box ...
is probed for a weak password /account through SSH."

How can I determine if one of my systems has been "probed"? 

Mike Bydalek wrote: "... all my servers is use 2 little tools 
to help stop these automated attacks: DenyHosts"

Is that something most Linux user should add to their system?




More information about the PLUG-discuss mailing list