[svlug] botnets
Joe Buck
Joe.Buck at synopsys.COM
Mon Jan 8 10:46:48 PST 2007
On Mon, Jan 08, 2007 at 11:32:33AM -0700, Skip Evans wrote:
> How susceptible are Linux workstations running
> distros like Debian, etc, to botnets?

We shouldn't be complacent. Right now, the risk is near-zero because
Windows machines are low-hanging fruit: there are so many of them, and so
many holes.

But if remote exploits become known in Linux distributions, it's not hard
to write a worm that can quickly capture all vulnerable machines on the
net. And these exploits have occurred and been used in the past; back in
the Red Hat 6 days (I think), there was a hole in ssh that was widely
exploited, and one of my colleagues had a home machine that was taken
over; evidently the bad guy was using my colleague's box to attack other
sites.

You need to install security updates promptly, and your distro has to
produce the updates promptly (this has sometimes been an issue with
Debian, which hasn't been as quick as some other distros in getting
updates out).