Botnet preying on Linux computers delivers potent DDoS att

Posted: Tue Sep 29, 2015 4:50 pm
by duneelliot
http://arstechnica.com/security/2015/09 ... s-attacks/

How do we protect against this?
It suggests disabling remote root login as a protection, but how is this done?

We may not be complacent about security even in Linux, but I think we have a certain comfort so reading about this is a little bit of a shock to the system...both mine and the computer's.

Some advice and guidance on this one please.

BTW, wasn't sure exactly which forum to place this in so please move if necessary

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Tue Sep 29, 2015 5:04 pm
by Habitual
Have a router? ;)

closed port 22?
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Tue Sep 29, 2015 5:06 pm
by duneelliot
Habitual wrote: Have a router? ;)

closed port 22?
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers.
Gonna need a little more explanation than that! I'm still fairly new to configuring Linux and thus still learning.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Tue Sep 29, 2015 5:21 pm
by Habitual
If you have a router, very little can pass through it to your machine without your explicitly opening a port and forwarding it to your computer.
It's called "port-forwarding". And you would have to explicitly port forward 22 to your machine on the router. Default setting should not allow port 22 forward, or any port for that matter.

If you don't have a router, then 2 ways in:
ssh and the "evil maid" scenario (physically access your computer when you aren't 'looking')

If you don't have openssh-server installed, they can't very well access your machine using ssh <user>@<Your_ip> because port 22 is closed.
You can test this using

    telnet localhost 22

and you should get this result:

    telnet: Unable to connect to remote host: Connection refused
The XOR stuff can only be done from a machine they have physical access to.
And that can only be done (usually) via ssh, but there are other methods of physical access.
Google "Evil Maid" without the quotes (or with...) and have a read.
There is no Security without physical security, and if they can touch your box (via ssh or sit down at the computer and boot an evil usb stick), you'd be toast.
BIOS password?
Physically Secure the computer (locked room/cabinet/large Pit Bull)
Change the boot order to exclude USB and other media booting from a reboot (CD/DVD).
Use strong passwords and change them often. Don't re-use them either, nor partial pieces of previous passwords.

You need to be able to inhibit anyone from being able to physically touch your system.
But locks are for honest folks, so these days, these measures only slow bad guys down, not stop them.
Hope that helps.
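The original question also asked how remote root login is actually disabled. As an added example (not code from this thread), the script below audits an sshd_config for PermitRootLogin and PasswordAuthentication the way sshd itself reads the file (first uncommented occurrence wins, Match blocks excluded) and writes a hardened copy; the sample config and temp paths are constructed here so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an sshd_config for the two
# settings that blunt SSH password guessing (PermitRootLogin, PasswordAuthentication)
# and write a hardened copy. The sample config is constructed so it runs offline.
# Print the effective value of a keyword: sshd takes the FIRST uncommented
# occurrence in the global section (before any Match block); "unset" if absent.
sshd_setting() {  # $1 = config file, $2 = keyword (case-insensitive)
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/        { next }   # comment or blank line
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}
# Return 0 when root login and password auth are both off, else 1, naming
# the line to change for each failing setting.
audit_sshd_config() {  # $1 = config file
    rc=0
    root=$(sshd_setting "$1" PermitRootLogin)
    pass=$(sshd_setting "$1" PasswordAuthentication)
    case "$root" in
        no|prohibit-password|without-password) echo "PermitRootLogin=$root: ok" ;;
        *) echo "PermitRootLogin=$root: set 'PermitRootLogin no'"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "PasswordAuthentication=no: ok" ;;
        *) echo "PasswordAuthentication=$pass: set 'PasswordAuthentication no' (after installing a key)"; rc=1 ;;
    esac
    return $rc
}

# Hardened copy: since the first occurrence wins, prepending the two lines
# overrides anything later in the file without editing it in place.
harden_sshd_config() {  # $1 = input config, $2 = output path
    { printf 'PermitRootLogin no\nPasswordAuthentication no\n'; cat "$1"; } > "$2"
}

# Constructed weak sample with a commented-out decoy and a Match block,
# both of which a naive grep would misread.
write_sample_config() {  # $1 = output path
    printf '%s\n' '# constructed sample sshd_config' 'Port 22' \
        '#PermitRootLogin no' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'Match User backup' '    PermitRootLogin no' > "$1"
}

tmp=$(mktemp -d)
write_sample_config "$tmp/sshd_config.weak"
audit_sshd_config "$tmp/sshd_config.weak" || echo "weak config: not hardened"
harden_sshd_config "$tmp/sshd_config.weak" "$tmp/sshd_config.hardened"
audit_sshd_config "$tmp/sshd_config.hardened" && echo "hardened copy: ok"
```

On a real system point `audit_sshd_config` at /etc/ssh/sshd_config and restart sshd after applying the change; turn off password authentication only after a key login has been verified in a second session.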

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Tue Sep 29, 2015 5:26 pm
by duneelliot
Okay, thank you. That made a lot more sense.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Tue Sep 29, 2015 5:34 pm
by Habitual
You are welcome.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 5:01 am
by Shryp
A lot of routers (and small set top appliances in general) run linux as well, so make sure those have any updates applied to them as well as changing the username and password for the login to configure them. For added security (usually complexity and extra features too) consider third party firmware.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 9:05 am
by Habitual
Shryp brings up a good point.
wrt: Off the shelf routers.
They need configuration for added security also.
Tips for Securing Your Home Router is an excellent summary of what should be done.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 9:19 am
by duneelliot
Will follow all suggestions; just have to see if I can find my router password. I did look into this a little yesterday when I got home.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 2:17 pm
by BigEasy
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers
It had to happen sooner or later. Who can imagine the number of total idiots who installed Linux in the last 2-3 years? For example, who restricts them from setting the password to '12345' during installation and then exposing themselves to the internet? By the way, most of them came from preinstalled Windows.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 2:36 pm
by duneelliot
http://www.techrepublic.com/article/why ... o-windows/

As mentioned in the next article, the chances of 99.99% of Linux users getting infected is infinitesimally small. Not anything to worry about this time.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Wed Sep 30, 2015 5:43 pm
by NathanRodriguez
Aren't the passwords strong by default, limited by PAM rules?

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Thu Oct 01, 2015 11:37 am
by Hoser Rob
Despite the alarmist tone of that Ars Technica article, this is a very long-term issue with Linux. Linux is pretty ubiquitous on servers, and since often the whole point of a DDoS attack is ransom, they're a common target. It ain't new.

What they're often really hoping for is a machine where one of their IT people forgot to change the default password when they installed the system. That's just about the oldest trick in the book and it still happens. Even very good techs forget sometimes.

Linux may be just about the most secure OS you can get but you still definitely need a good password.

Many windows users think all security issues are virus related. I see a lot of posts on linux forums by windows users new to linux who are shocked to discover that you can still get hacked without a virus.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Thu Oct 01, 2015 6:50 pm
by Habitual

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Fri Oct 02, 2015 3:21 pm
by Habitual
Here's a list of items on the system to check for to determine if you're part of this Botnet.

It's a server thing, not a desktop thing.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Fri Oct 02, 2015 3:43 pm
by duneelliot
Thanks for the links. This forum really needs some "Thanks" buttons next to each post.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Fri Oct 02, 2015 3:56 pm
by Habitual
duneelliot wrote: Thanks for the links.
You are welcome.

Re: Botnet preying on Linux computers delivers potent DDoS a

Posted: Fri Oct 02, 2015 9:36 pm
by MtnDewManiac
duneelliot wrote: As mentioned in the next article, the chances of 99.99% of Linux users getting infected is infinitesimally small. Not anything to worry about this time.
Lol. The chances of that large of a percentage of any population getting affected by the same thing always is infinitesimally small. Why, you could line the entire population of a large city up against a wall (it'd have to be a long one, I suppose) and walk along that wall shooting at each and every person's forehead and the odds are that more than .01% would survive (at least initially).

I doubt there is a virus/attack that has managed to affect all but .01% of the users of a Microsoft OS :roll: .

Regards,
MDM