And how do I: "starting by iptable deny all of china" ? I can figure out the "iptable" part, it is the "china" part (and other possible places where I know I will only get spam from) that I am unaware of...
Thanks!
Enrique

Lisa Kachold writes:
>
> Well, the sad fact is that _any_ machine will kick over and barf its guts
> under distributed attacks; it just depends on what it does after the green
> slime clears..
> Also, it really helps if you run one that won't take WRT, or only runs on an
> arm, with small memory therefore they aren't too hot to pwn you. Linksys put
> out the source, whereupon I built my own, and played with the features; you
> know kiddies are doing this also.
>
> Course, if you have a WRT-able router, it's a good idea to set it up as a
> small linux system, but you have to know how to work it; starting by iptable
> deny all of china is a good start.
> I have had mine owned regularly; I just flash it again. Mine is easy to
> determine, since it suddenly starts showing AIM ports open. Once they target
> you successfully, they will insidiously continue to keep track of you; rather
> like trophy hunting.
> I could have done a complete defcon presentation on various routers by this
> time.
> That's why I always suggest to everyone, if you see something strange, you
> see something strange, report it, complain, study it, rather than continuing
> to agree with everyone in denial about the sad state of security.
> Obnosis | (503)754-4452
>
> PLUG Linux Security Labs 2nd Saturday Each mo...@noon - 3PM
>
>> Subject: Re: OT? Linux-based trojans now targeting WRT and other linux-based
>> routers
>> From: t...@supertunaman.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Date: Fri, 27 Mar 2009 17:57:34 -0700
>>
>> Excerpts from Charles Jones's message of Fri Mar 27 14:19:05 -0700 2009:
>> > http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
>> >
>> > Some parts of this article made me LOL. Like:
>> >
>> > "One type of malware connects primarily to a chat system such as IRC,
>> > which your ordinary 14-year-old might join for the latest superstar
>> > gossip."
>> >
>> > and:
>> >
>> > "Each IRC network usually has hundreds of these channels, typically
>> > starting with a hash mark in its name, such as #superstars."
>> >
>> > and:
>> >
>> > "A participant joining a channel who is not a human is usually a program
>> > called a bot. There are all kinds of bots lurking in the IRC, some of
>> > them explain UNIX commands, look up bus schedules or forecast the
>> > weather. Some, however, await special, often secret, commands"
>> >
>> > Which prompted me to say on IRC:
>> > [03-27-2009 14:11:10] <Charles> hahaha
>> > [03-27-2009 14:12:54] * Charles is awaiting special secret commands
>> > [03-27-2009 14:13:28] <Charles> but only if you are a superstar
>> >
>> > Seriously though, I sadly have a lot of experience being attacked by,
>> > and hunting down and eradicating botnets. Infected routers are really
>> > evil, since your typical user has no way to notice or see that something
>> > is running that should not be. This could become a real problem as WRT
>> > and other linux-based routers become more popular.
>>
>> I just wish I had come up with the idea of WRT-based botnets first. :<
>>
>> I guess the vendors will just have to set randomly generated default
>> passwords, and pass along a little card that says "omgwtfbbq ur password
>> lol". But you KNOW that they'll never get around to that soon.
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss