And how do I:
"starting by iptable deny all of china" ? 

I can figure out the "iptable" part, it is the "china" part (and other 
possible places where I know I will only get spam from) that I am unaware 
of... 

Thanks!
Enrique 

Lisa Kachold writes: 

> 
> Well, the sad fact is that _any_ machine will kick over and barf it's guts 
> under distributed attacks; it just depends on what it does after the green 
> slime clears..
> Also, it really helps if you run one that won't take WRT, or only runs on an 
> arm, with small memory therefore they aren't too hot to pwn you.  Linksys put 
> out the source, whereupon I built my own, and played with the features; you 
> know kiddies are doing this also.   
> 
> Course, if you have a WRT-able router, it's a good idea to set it up as a 
> small linux system, but you have to know how to work it; starting by iptable 
> deny all of china is a good start.
> I have had mine owned regularly; I just flash it again.  Mine is easy to 
> determine, since it suddenly starts showing AIM ports open.  Once they target 
> you successfully, they will insidiously continue to keep track of you; rather 
> like trophy hunting.
> I could have done a complete defcon presentation on various routers by this 
> time.  
> That's why I always suggest to everyone, if you see something strange, you 
> see something strange, report it, complain, study it, rather than continuing 
> to agree with everyone in denial about the sad state of security.
> Obnosis | (503)754-4452 
> 
>  
> 
> 
> PLUG Linux Security Labs 2nd Saturday Each mo...@noon - 3PM 
> 
>  
> 
>  
> 
> 
>> Subject: Re: OT? Linux-based trojans now targeting WRT and other linux-based 
>> routers
>> From: t...@supertunaman.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Date: Fri, 27 Mar 2009 17:57:34 -0700 
>> 
>> Excerpts from Charles Jones's message of Fri Mar 27 14:19:05 -0700 2009:
>> > http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
>> > 
>> > Some parts of this article made me LOL. Like:
>> > 
>> > "One type of malware connects primarily to a chat system such as IRC, 
>> > which your ordinary 14-year-old might join for the latest superstar 
>> > gossip."
>> > 
>> > and:
>> > 
>> > "Each IRC network usually has hundreds of these channels, typically 
>> > starting with a hash mark in its name, such as #superstars."
>> > 
>> > and:
>> > 
>> > "A participant joining a channel who is not a human is usually a program 
>> > called a bot. There are all kinds of bots lurking in the IRC, some of 
>> > them explain UNIX commands, look up bus schedules or forecast the 
>> > weather. Some, however, await special, often secret, commands"
>> > 
>> > Which prompted me to say on IRC:
>> > [03-27-2009 14:11:10] <Charles> hahaha
>> > [03-27-2009 14:12:54] * Charles is awaiting special secret commands
>> > [03-27-2009 14:13:28] <Charles> but only if you are a superstar
>> > 
>> > Seriously though, I sadly have a lot of experience being attacked by, 
>> > and hunting down and eradicating botnets. Infected routers are really 
>> > evil, since your typical user has no way to notice or see that something 
>> > is running that should not be. This could become a real problem as WRT 
>> > and other linux-based routers become more popular. 
>> 
>> I just wish I had come up with the idea of WRT-based botnets first. :< 
>> 
>> I guess the vendors will just have to set randomly generated default
>> passwords, and pass along a little card that says "omgwtfbbq ur password
>> lol". But you KNOW that they'll never get around to that soon.
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> _________________________________________________________________
> Internet Explorer 8 – Get your Hotmail Accelerated.  Download free!
> http://clk.atdmt.com/MRT/go/141323790/direct/01/
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Reply via email to