[ubuntu-uk] Security on Ubuntu

Tony Arnold tony.arnold at manchester.ac.uk
Sun Mar 4 19:21:12 GMT 2007


Adam,

Adam McMaster wrote:

> As for being attacked by botnets, what in the default Ubuntu install
> would they be attacking? There are no services running...

My experience of this is that Unix/Linux systems get compromised through
a user's password leaking somewhere. In the last attack we saw, the password
was grabbed through a key-logger on an unpatched Windows system!

Having said that, once a hacker has a user name/password they do not
need to get root privilege to add your machine to a botnet. User level
code can be run to launch distributed DOS attacks or to attempt to
propagate the botnet code to other machines.

A firewall that only protects against incoming connections does not help
with this kind of attack as the botnet code often makes outgoing
connections to a controlling node somewhere.

The moral of this is to keep your passwords secret and don't type them into
untrusted machines. Also do not have the same password on more than one
system, because if the hacker gets to one machine, he will get to them
all (the incident I referred to above was on a set of Linux boxes all
using Kerberos authentication as part of AFS. About a dozen or so
machines were all compromised as a result).

Regards,
Tony.
-- 
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
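
An added example, not part of the original message: since the point above is that user-level code making outgoing connections gets past an inbound-only firewall, this sketch reads `/proc/net/tcp`-format text and flags established connections that were opened outbound by ordinary user accounts to ports outside an allow-list. The sample table, the allow-list and the UID threshold are assumptions made for illustration.

```python
import socket

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00A8C0:0016 1400A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00A8C0:9C40 0A7100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0A00A8C0:9C41 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1
"""

ALLOWED_REMOTE_PORTS = {53, 80, 443}  # assumption: the site's egress policy
MIN_USER_UID = 1000                   # assumption: ordinary accounts start here
LISTEN, ESTABLISHED = "0A", "01"      # kernel TCP state codes


def decode(hexaddr):
    """'0A00A8C0:0016' -> ('192.168.0.10', 22). IPv4, little-endian host assumed."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def parse(text):
    """Turn the table into dicts holding local/remote endpoints, state and owner UID."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        rows.append({"local": decode(f[1]), "remote": decode(f[2]),
                     "state": f[3], "uid": int(f[7])})
    return rows


def suspicious_outbound(rows):
    """Established, locally initiated, user-owned, and outside the allow-list."""
    listening = {r["local"][1] for r in rows if r["state"] == LISTEN}
    return [r for r in rows
            if r["state"] == ESTABLISHED
            and r["local"][1] not in listening  # not a reply on a served port
            and r["uid"] >= MIN_USER_UID
            and r["remote"][1] not in ALLOWED_REMOTE_PORTS]


if __name__ == "__main__":
    for r in suspicious_outbound(parse(SAMPLE)):
        print("uid %d -> %s:%d" % (r["uid"], *r["remote"]))
```

On a live system the same functions can be fed `open("/proc/net/tcp").read()`; IPv6 sockets live in `/proc/net/tcp6` and need a different address decoder.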


