Re: Strange network activity after updates
On Sat, 04 Aug 2012 17:40:53 -0300, Henrique de Moraes Holschuh wrote:
> On Sat, 04 Aug 2012, Camaleón wrote:
>> > I know the constant connection is a multicast address, but what is
>> > this other stuff? It looks like something is broken/misconfigured or
>> > an outright hack of the Debian repository has occurred and many
>> > Debian systems are now part of a botnet.
>>
>> Linux as part of a botnet? That's a good one :-P
>
> Now, here I will have to step in. No, it is not a good one. Linux
> nodes _are_ commonly co-opted to act as C&C for botnets. And
> browser-based ephemeral botnet nodes (in javascript, installed by
> drive-by attacks) DO work in Linux.
I've never read about Linux boxes being used as bots, can you please
indicate any report/stats about that fact?

(and please, do not put Linux *servers* in the same bag, I speak here
about Linux *desktops* not computers with open ports and running
out-of-date and unpatched software)
>> > My Debian box is staying offline until I find out what is going on.
>>
>> That sounds a bit radical :-o
>
> It is actually a very responsible way of handling it.
With the given data? Running Debian? Behind a home router which usually
comes by default with NAT and firewall enabled? I don't think so. Really.
Greetings,
--
Camaleón