Slashdot Mirror


Distributed, Low-Intensity Botnets

badger.foo writes "We have seen the future of botnets, and it is distributed and low-key. Are sites running free software finally becoming malware targets? It all started with a higher-than-usual number of failed ssh logins at a low-volume site. I think we are seeing the shape of botnets to come, with malware authors doing their early public beta testing during the last few weeks."

1 of 167 comments

  1. Re:Go install fail2ban by Yath · Score: 5, Informative

    Please read more of the article before posting. The activity being described is a brute-force SSH login attack that is distributed across a botnet.

    (Yes, the title of the article is misleading, as botnets are by definition distributed; the interesting bit is that SSH brute-force attacks against a specific host don't seem to have been distributed before.)

    Here's the relevant bit:

    See, for example, the attempts to log on as the alias user: 14 attempts are made from 13 different hosts, with only 70-46-140-187.orl.fdn.com trying more than once. Then thirteen attempts are made for the amanda user, from 13 other hosts.

    fail2ban is not effective against this.

    --
    I always mod up spelling trolls.
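
An added detection example, not part of the comment above or of fail2ban: it counts failed SSH logins per source (a generic stand-in for a per-IP ban threshold) and, separately, counts distinct sources per targeted username in a time window, which is the pattern the quoted log excerpt shows. The function names, thresholds, year and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Standard OpenSSH syslog message for a failed password attempt.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2024):
    """Return [(timestamp, user, source)]; syslog omits the year, so it is assumed."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def per_source_offenders(events, maxretry=5):
    """Per-source counting: all that a per-IP ban threshold can see."""
    counts = defaultdict(int)
    for _, _, src in events:
        counts[src] += 1
    return {src for src, n in counts.items() if n >= maxretry}

def distributed_targets(events, min_sources=10, window=timedelta(minutes=30)):
    """Map user -> peak number of distinct sources failing within `window`."""
    by_user = defaultdict(list)
    for ts, user, src in sorted(events):
        by_user[user].append((ts, src))
    flagged = {}
    for user, hits in by_user.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            distinct = len({src for _, src in hits[start:end + 1]})
            if distinct >= min_sources:
                flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged

def sample_log():
    """Constructed lines mirroring the quoted pattern (documentation-range IPs)."""
    fmt = "{:%b %d %H:%M:%S} gw sshd[4242]: Failed password for invalid user {} from {} port 50022 ssh2"
    alias = [f"192.0.2.{i}" for i in range(1, 14)] + ["192.0.2.1"]  # 14 tries, 13 hosts
    amanda = [f"198.51.100.{i}" for i in range(1, 14)]              # 13 tries, 13 hosts
    pairs = [("alias", s) for s in alias] + [("amanda", s) for s in amanda]
    t0 = datetime(2024, 12, 2, 10, 0)
    return [fmt.format(t0 + timedelta(seconds=20 * n), u, s) for n, (u, s) in enumerate(pairs)]
```

On the constructed sample no single source reaches the per-source threshold, while both usernames are flagged with 13 distinct sources each.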