Focus on Apple
several news stories on Macs being zombies Jan 08 2007 04:03AM kevhoy (kevhoy gmail com) (2 replies)
RE: several news stories on Macs being zombies Jan 08 2007 05:39PM Spransy, Derek (DSPRANS emory edu) (1 replies)
Re: several news stories on Macs being zombies Jan 08 2007 06:58PM gjgowey tmo blackberry net (3 replies)
Re: several news stories on Macs being zombies Jan 16 2007 07:32PM David Fedoruk (david fedoruk gmail com) (2 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:23PM Jeremy Reichman (jjracc rit edu) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:34PM Dave Schroeder (das doit wisc edu) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:48PM Jeremy Reichman (jjracc rit edu) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:55PM Philip Rinehart (philip rinehart yale edu) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 04:05PM Dave Schroeder (das doit wisc edu) (1 replies)
Re: several news stories on Macs being zombies Jan 17 2007 02:02AM david (macosxforme gmail com) (1 replies)
RE: several news stories on Macs being zombies Jan 18 2007 03:16PM Todd Woodward (todd_woodward symantec com) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:32PM Dave Schroeder (das doit wisc edu) (1 replies)
Re: several news stories on Macs being zombies Jan 18 2007 03:52PM Dave Schroeder (das doit wisc edu)
Re: several news stories on Macs being zombies Jan 09 2007 06:57AM Nerijus Krukauskas (nkrukauskas gmail com)
RE: several news stories on Macs being zombies Jan 09 2007 02:56AM Spransy, Derek (DSPRANS emory edu) (1 replies)
Re: several news stories on Macs being zombies Jan 08 2007 04:57PM Dave Schroeder (das doit wisc edu)
On Jan 8, 2007, at 9:56 PM, Spransy, Derek wrote:
> Denyhosts is a wonderful automated SSH defense tool, and works very
> well in OS X.
> http://denyhosts.sourceforge.net/
Denyhosts is fine, but it's still important to properly secure
ssh, which is platform-agnostic.
Set up public key authentication.
Modify /etc/sshd_config
AllowUsers accountnameyoudesire
PermitRootLogin no
PasswordAuthentication no
>
> From: listbounce (at) securityfocus (dot) com on behalf of
> gjgowey (at) tmo.blackberry (dot) net
> Sent: Mon 1/8/2007 1:58 PM
> To: Spransy, Derek; listbounce (at) securityfocus (dot) com; kevhoy;
> focus-apple (at) securityfocus (dot) com
> Subject: Re: several news stories on Macs being zombies
>
> Password access via SSH should be banned. On my colo'd server I
> have public key authentication as the only valid authentication
> method enabled. However, I still notice numerous attempts in my
> log files of trying brute force attacks. I've seen upwards of over
> 1000+ tries from the same IP in some instances. SSH really needs
> better defense mechanisms against these script kiddies like a
> timeout for some period of time for an IP when they're trying an
> obvious brute force.
>
>
>
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of kevhoy
> Sent: Sunday, January 07, 2007 11:04 PM
> To: focus-apple (at) securityfocus (dot) com
> Subject: several news stories on Macs being zombies
>
>
>
> This weekend, I have seen several stories that say some version of
> the following.
>
>
>
>
> While some zombie computer crimes have been linked to computers
> running Linux or Macintosh operating systems, officials have warned
> that Windows systems are the most susceptible.
>
> http://www.upi.com/NewsTrack/view.php?StoryID=20070107-042614-5177r
>
>
>
> So far botnets have predominantly infected Windows-based computers,
> although there have been scattered reports of botnet-related
> attacks on computers running the Linux and Macintosh operating
> systems.
>
> http://www.nytimes.com/2007/01/07/technology/07net.html?_r=1&oref=slogin
>
>
>
> Is there any real truth to these reports? I haven't seen this
> reported here or anywhere else. Are these just repeating the same
> story? Could someone please elaborate if this is truly happening?
>
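Added example (not part of the original message, and not code from OpenSSH or DenyHosts): a small Python audit of the sshd_config settings listed in the reply above, honouring sshd's rule that the first value read for a keyword is the one used. Both config strings are constructed samples, and the UsePAM/ChallengeResponseAuthentication and Match checks are additions the post does not mention.

```python
# Added example: audit sshd_config text for the settings named in the post.
# Both config strings below are constructed samples, not from a real host.
WEAK = """\
Port 22
PasswordAuthentication yes
PermitRootLogin no
UsePAM yes
# too late: sshd keeps the first value it reads for a keyword
passwordauthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """\
AllowUsers accountnameyoudesire
PermitRootLogin no
PasswordAuthentication no
"""
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def effective_settings(text):
    """Return (global keyword -> first value seen, True if a Match block exists)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional overrides start here
            return settings, True
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # first occurrence wins
    return settings, False


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s, has_match = effective_settings(text)
    findings = []
    for key, want in REQUIRED.items():
        got = s.get(key, "unset")
        if got != want:
            findings.append(f"{key} is {got}, want {want}")
    if "allowusers" not in s:
        findings.append("allowusers is unset, no account allow-list")
    # Check not in the post: with PAM on, keyboard-interactive can still take passwords.
    if s.get("usepam") == "yes" and s.get("challengeresponseauthentication") != "no":
        findings.append("usepam is yes and challengeresponseauthentication is not no")
    if has_match:
        findings.append("Match block present, review its overrides separately")
    return findings
```

Calling `audit(WEAK)` reports the early `PasswordAuthentication yes` even though a later line says `no`; `audit(HARDENED)` returns an empty list.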