Focus on Apple
Denyhosts is a wonderful automated SSH defense tool, and works very well in OS X.
http://denyhosts.sourceforge.net/
________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] on behalf of gjgowey (at) tmo.blackberry (dot) net [email concealed]
Sent: Mon 1/8/2007 1:58 PM
To: Spransy, Derek; listbounce (at) securityfocus (dot) com [email concealed]; kevhoy; focus-apple (at) securityfocus (dot) com [email concealed]
Subject: Re: several news stories on Macs being zombies

Password access via SSH should be banned. On my colo'd server I have public key authentication as the only valid authentication method enabled. However, I still notice numerous attempts in my log files of trying brute force attacks. I've seen upwards of over 1000+ tries from the same IP in some instances. SSH really needs better defense mechanisms against these script kiddies like a timeout for some period of time for an IP when they're trying an obvious brute force.
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Spransy, Derek" <DSPRANS (at) emory (dot) edu [email concealed]>
Date: Mon, 8 Jan 2007 12:39:38
To: "kevhoy" <kevhoy (at) gmail (dot) com [email concealed]>, <focus-apple (at) securityfocus (dot) com [email concealed]>
Subject: RE: several news stories on Macs being zombies

We've had several instances where Macs have been used for DDoS attacks and distributing spam. Each time the machines were compromised via SSH brute force attacks. The systems would have SSH enabled and local user accounts with usernames and passwords such as test or temp. The attacker didn't exploit a vulnerability in these cases, just a bad configuration. We do not enable SSH on our workstations as a rule; however, some faculty and staff take it upon themselves to do so. As a result we've begun putting in our own custom sshd_config files that prevent root login via SSH and restrict SSH logins to our admin accounts only.
Don't forget that at its heart OS X is UNIX. Apple also uses open source software such as OpenSSH and Samba which makes OS X as susceptible as any UNIX or Linux box to attacks utilizing flaws in that software. However, as far as I know, we've never had a compromise that was the direct result of true vulnerability exploitation on the Apple platform.
-Derek
Derek Spransy
Emory College of Arts and Sciences
Emory University
Derek.spransy (at) emory (dot) edu [email concealed]

From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of kevhoy
Sent: Sunday, January 07, 2007 11:04 PM
To: focus-apple (at) securityfocus (dot) com [email concealed]
Subject: several news stories on Macs being zombies

This weekend, I have seen several stories that say some version of the following.
While some zombie computer crimes have been linked to computers running Linux or Macintosh operating systems, officials have warned that Windows systems are the most susceptible.
http://www.upi.com/NewsTrack/view.php?StoryID=20070107-042614-5177r
So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems.
http://www.nytimes.com/2007/01/07/technology/07net.html?_r=1&oref=slogin
Is there any real truth to these reports? I haven't seen this reported here or anywhere else. Are these just repeating the same story? Could someone please elaborate if this is truly happening?
Kevin Hoyland
Iowa City Community School District
[ reply ]
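The sshd_config hardening described in the thread (no root login over SSH, logins restricted to admin accounts, public key as the only authentication method) can be checked mechanically. The following Python audit is an added example, not code from the thread; the sample configs and account names are constructed, and treating an unset keyword as a finding is an assumption of this example.

```python
import re

# Keywords the thread's hardening touches, with the value this example requires.
# Treating an unset keyword as a finding is this example's assumption.
REQUIRED = {
    "permitrootlogin": "no",          # "prevent root login via SSH"
    "passwordauthentication": "no",   # public key as the only method
}

def effective_settings(text):
    """Global-section keyword -> value; sshd keeps the first value it obtains."""
    # Parsing stops at the first Match block (per-match overrides are not audited).
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()        # keywords are case-insensitive
        if key == "match":
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return keywords whose effective value departs from the baseline."""
    cfg = effective_settings(text)
    findings = [k for k, want in REQUIRED.items() if cfg.get(k, "").lower() != want]
    # Logins must be limited to named accounts or groups.
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("allowusers")
    # Keyboard-interactive (often PAM) can still prompt for a password.
    kbd = cfg.get("kbdinteractiveauthentication",
                  cfg.get("challengeresponseauthentication", ""))
    if kbd.lower() != "no":
        findings.append("kbdinteractiveauthentication")
    return findings

# Constructed sample configs (not from the thread).
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = (
    "PermitRootLogin no\nAllowUsers admin1 admin2\n"
    "PasswordAuthentication no\nChallengeResponseAuthentication no\n"
    "PermitRootLogin yes\n"           # later duplicate: sshd keeps the first
)

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```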
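The per-IP timeout asked for in the thread, which is the kind of log-driven blocking that tools such as DenyHosts automate, can be sketched over sshd log lines. This is an added example, not code from the thread or from DenyHosts; the log lines are constructed, the threshold, window and ban length are assumed values, and lines are assumed to arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, not taken from the thread.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=1)
BAN_TIME = timedelta(minutes=10)

# OpenSSH failure lines, for existing accounts and for "invalid user" guesses.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def find_bans(lines, year=2007):
    """Return {ip: (ban_start, ban_end)} for IPs that exceed the threshold."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside WINDOW
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue              # inside an active ban: a blocker would drop these
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()           # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            bans[ip] = (ts, ts + BAN_TIME)
            q.clear()
    return bans

# Constructed sample log: one guessing run, one user who mistyped once.
SAMPLE_LOG = [
    f"Jan  8 13:00:{2 * i:02d} mac sshd[411]: Failed password for invalid user test "
    f"from 192.0.2.10 port {40000 + i} ssh2" for i in range(8)
] + [
    "Jan  8 13:01:00 mac sshd[412]: Failed password for admin from 198.51.100.7 port 50111 ssh2",
    "Jan  8 13:01:09 mac sshd[412]: Accepted password for admin from 198.51.100.7 port 50111 ssh2",
]

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```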