On Thu, 2006-03-09 at 15:42, Rick DeNatale wrote: > On 09 Mar 2006 10:42:49 -0500, jonc <[EMAIL PROTECTED]> wrote: > > > BTW: I've reported many, many folks (from the US) that have their Linux > > boxen taken over by script kiddies. Most times the folks are *very* > > responsive and apologetic. In every case, the folks put up a standard > > install without any hardening or firewalling. > > Actually those zombies are much more likely to be Windows boxen, and > corporate ones at that. > > >From http://blog.washingtonpost.com/securityfix/2006/03/post.html
Yes, zombies are much more likely to be Windows boxen - since they are the tool of choice for the already clueless. The particular attack we were discussing however is a beast that lives mainly in the world of Linux. The attacks are mainly from Linux boxen that folks have installed to play around with. I get two or three IP addresses every day from bots probing for SSH vulnerabilities in my ever-expanding network. Some days I get twenty or more. The folks who actually own the zombied boxen are fairly easy to track down (at least the ones that are not from Korea or China). Most of the folks respond right away... and "Yes" the folks admit, "it is a linux box... I just installed it last week and haven't gotten around to playing with it." Well someone else beat you to it. The clueless are finding their way to Linux. And while this is a very good sign for Open Source, it is also a great portent of things to come. Jon Carnes -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
