Botnet preying on Linux computers delivers potent DDoS att

Post by duneelliot »

http://arstechnica.com/security/2015/09 ... s-attacks/

How do we protect against this?
It suggests disabling remote root login as a protection, but how is this done?

We may not be complacent about security even in Linux, but I think we have a certain comfort so reading about this is a little bit of a shock to the system...both mine and the computer's.

Some advice and guidance on this one please.

BTW, wasn't sure exactly which forum to place this in so please move if necessary
Last edited by duneelliot on Tue Sep 29, 2015 5:05 pm, edited 1 time in total.

Post by Habitual »

Have a router? ;)

closed port 22?
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers.

Post by duneelliot »

Habitual wrote:Have a router? ;)

closed port 22?
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers.
Gonna need a little more explanation than that! I'm still fairly new to configuring Linux and thus still learning.

Post by Habitual »

If you have a router, very little can pass through it to your machine without your explicitly opening a port and forwarding it to your computer.
It's called "port-forwarding". And you would have to explicitly port forward 22 to your machine on the router. Default setting should not allow port 22 forward,
or any port for that matter.

If you don't have a router, then 2 ways in:
ssh and the "evil maid" scenario (physically access your computer when you aren't 'looking')

If you don't have openssh-server installed, they can't very well access your machine using ssh <user>@<Your_ip> because port 22 is closed.
You can test this using

    telnet localhost 22

and you should get this result:

    telnet: Unable to connect to remote host: Connection refused

The XOR stuff can only be done from a machine they have physical access to.
And that can only be done (usually) via ssh, but there are other methods of physical access.
Google "Evil Maid" without the quotes (or with...) and have a read.
There is no Security w/out physical security, and if they can touch your box (via ssh or sit down at the computer and boot an evil usb stick), you'd be toast.
BIOS password?
Physically Secure the computer (locked room/cabinet/large Pit Bull)
Change the boot order to exclude USB and other media booting from a reboot (CD/DVD).
Use strong passwords and change them often. Don't re-use them either, nor partial pieces of previous passwords.

You need to be able to inhibit anyone from being able to physically touch your system.
But locks are for honest folks, so these days, these measures only slow bad guys down, not stop them.
Hope that helps.
Last edited by Habitual on Wed Sep 30, 2015 9:01 am, edited 5 times in total.
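
Added example, not part of the thread: the opening post asks how remote root login is disabled, and the reply above turns on whether an SSH server is present at all. This script reads an sshd_config and reports the two relevant OpenSSH settings, `PermitRootLogin` and `PasswordAuthentication`; the function names and the sample file are constructed for illustration, and the usual path /etc/ssh/sshd_config is an assumption about the install.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for remote root
# login and password logins. Simplifications: Include files and Match blocks
# are not followed, and "Keyword=value" syntax is not handled.

# Print the effective value of KEYWORD in FILE, or "unset".
# sshd uses the first value it finds; keywords are case-insensitive.
sshd_setting() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                          # comment line
        tolower($1) == "match" { exit }              # stop at conditional blocks
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# Print a line per setting; return 0 if nothing risky was found, 1 otherwise.
audit_sshd() {
    if [ ! -f "$1" ]; then
        echo "OK: $1 not found (OpenSSH server probably not installed)"
        return 0
    fi
    rc=0
    root=$(sshd_setting PermitRootLogin "$1")
    pass=$(sshd_setting PasswordAuthentication "$1")
    case "$root" in
        no) echo "OK: PermitRootLogin no" ;;
        # unset is flagged too: the default differs between OpenSSH versions
        *)  echo "WARN: PermitRootLogin is '$root'; set 'PermitRootLogin no'"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "OK: PasswordAuthentication no (key-based logins only)" ;;
        # unset means the default, which is yes
        *)  echo "WARN: PasswordAuthentication is '$pass'; passwords can be guessed remotely"; rc=1 ;;
    esac
    return "$rc"
}

# Demo on a constructed sample file (not a real system's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a machine with the server installed, `audit_sshd /etc/ssh/sshd_config` checks the main file, and `sshd -T` run as root prints the effective settings including any Include files. Changes take effect after the SSH service is restarted.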

Post by duneelliot »

Okay, thank you. That made a lot more sense.

Post by Habitual »

You are welcome.

Post by Shryp »

A lot of routers (and small set top appliances in general) run Linux as well, so make sure those have any updates applied to them as well as changing the username and password for the login to configure them. For added security (usually complexity and extra features too) consider third party firmware.

Post by Habitual »

Shryp brings up a good point.
wrt: Off the shelf routers.
They need configuration for added security also.
Tips for Securing Your Home Router is an excellent summary of what should be done.

Post by duneelliot »

Will follow all suggestions; just have to see if I can find my router password. I did look into this a little yesterday when I got home.

Post by BigEasy »

XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers
It had to happen sooner or later. Who can imagine the number of total idiots who installed Linux in the last 2-3 years? For example, who restricts them from setting the password to '12345' during installation and then exposing themselves to the internet? By the way, most of them came from preinstalled Windows.

Post by duneelliot »

http://www.techrepublic.com/article/why ... o-windows/

As mentioned in the next article, the chances of 99.99% of Linux users getting infected is infinitesimally small. Not anything to worry about this time.

Post by NathanRodriguez »

Aren't the passwords strong by default, limited by PAM rules?

Post by Hoser Rob »

Despite the alarmist tone of that Ars Technica article this is a very long term issue with Linux. Linux is pretty ubiquitous on servers and since often the whole point of a DDoS attack is ransom, they're a common target. It ain't new.

What they're often really hoping for is a machine where one of their IT people forgot to change the default password when they installed the system. That's just about the oldest trick in the book and it still happens. Even very good techs forget sometimes.

Linux may be just about the most secure OS you can get but you still definitely need a good password.

Many Windows users think all security issues are virus related. I see a lot of posts on Linux forums by Windows users new to Linux who are shocked to discover that you can still get hacked without a virus.

Post by Habitual »

Here's a list of items on the system to check for to determine if you're part of this Botnet.

It's a server thing, not a desktop thing.

Post by duneelliot »

Thanks for the links. This forum really needs some "Thanks" buttons next to each post.

Post by Habitual »

duneelliot wrote:Thanks for the links.
You are welcome.

Post by MtnDewManiac »

duneelliot wrote:As mentioned in the next article, the chances of 99.99% of Linux users getting infected is infinitesimally small. Not anything to worry about this time.
Lol. The chances of that large of a percentage of any population getting affected by the same thing always is infinitesimally small. Why, you could line the entire population of a large city up against a wall (it'd have to be a long one, I suppose) and walk along that wall shooting at each and every person's forehead and the odds are that more than .01% would survive (at least initially).

I doubt there is a virus/attack that has managed to affect all but .01% of the users of a Microsoft OS :roll: .

Regards,
MDM