[clug] DDos attacks using Linux hosts. (the-sky-is-falling now a "thing", according to the Aztec calendar)

George at Clug Clug at goproject.info
Sat Sep 10 01:11:46 UTC 2016


Scott,

Do you have the interest, time, and patience to give a talk or a
series of talks to CLUG on "Using chkrootkit and rkhunter - Practical
Basics"?

Is it possible for "End Users" to make use of such tools as
chkrootkit and rkhunter? Or do they belong to the domain of
Security Professionals?

Now for a few more questions:

Since moving from Windows to Linux as my personal computer OS, I feel
a certain responsibility as an "internet citizen", if that is an
appropriate phrase, to have some practical knowledge in keeping my
system from being compromised and used to abuse other people's
Internet connected devices. But how, and to what level of
Security awareness, should be or can be expected of general Linux
Users? And how can the technical Linux Community assist the general,
non-technical Linux Community who would like to "just use Linux as
their operating system"?

I ask these questions as I would like to promote Linux to the general
public as an alternative to using other Commercial Operating Systems. 

George Kirkham.



At Thursday, 08-09-2016 on 21:25 Scott Ferguson wrote:


Thanks Chris, and Hal, I was tempted to respond when I initially read
Steve's post but...

On 08/09/16 17:14, Chris Smart wrote:
> On Wed, Sep 07, 2016 at 12:40:19PM +1000, steve jenkin wrote:
>> Just using Linux is no longer a protection against hackers.

And never, ever, has been. *1 (except in the world of security with 120
character limitations and face-painting fan bois). I'm not certain Steve
meant it to read that way - perhaps he's just experimenting with the
current school of copywriting.

Likewise Apple or [insert name of operating system here]
:)

The fact remains that Linux, properly administered and deployed, can be
"secure enough". If the system is documented any root kit can be
detected with external audits (i.e. whilst it is not live). Note that
chkrootkit and rkhunter are not sufficient protection - though a
properly configured and monitored transparent proxy will detect all but
the most sophisticated side-channelling. And, relying on the integrity
of every internet connected device to protect against DDOS attacks just
encourages vegetables to find work as network/firewall administrators.

> 
> Really, though? Isn't this more about vulnerable operating systems in
> general? I mean, if I can get root on a box I can make it do anything
> (even a Linux box). I don't think that this is a particularly new
> problem.

The proliferation of cheap computing devices has led to an increase in
the number of vulnerable devices - this has nothing to do with the
inherent weakness of the OS and everything to do with the way the OS has
been thrown together to meet a market demand for cheap devices,
exacerbated by lack of updates (driven by a market demand for constant
production of new devices). E.g. the recent discovery of a browser
trusted certificate embedded in the firmware of Aruba network devices (a
HP company).

Given that Linux rules the server, mobile platform and micro devices
it's no surprise that it should result in an increase in attractive
targets for bot-ware.

The increase in the number of desktops running Linux "managed" by
amateur sysadmins (who get their "knowledge" piecemeal from Google
university and are unable to tell the difference between a physicist and
a chauffeur) due to the popularity of distros that promise unattainable
combinations of simplicity and security - has also increased the number
of vulnerable user administered devices. This is not a problem specific
to any particular OS (it's a shoot-foot scenario that gun laws won't
change).

Convenience is the arch-enemy of security.

In both unattended and attended computers the major factor is the
increase in the amount of resources dedicated to taking advantage of
vulnerabilities.

> 
> I do think that an up-to-date Linux box is still the best protection
> against computer crackers. The problem, as the article points out, is
> the growing number of vulnerable, never-updated Linux based IoT devices
> (and routers).

Agreed. Sadly such rational thinking does little to ameliorate the
growing trend of click-bait the-sky-is-falling stories - in this case
rooted in yet another product promotion by Trend Micro.

> 
> While out-dated, un-patched, vulnerable IoT devices _seems_ bad, I'm
> hoping it will help us to defeat the inevitable rise of the machines
> (well that, and IPv6)!

:) What's wrong with IPv6? Anything is better than what my networking
instructor described as the drinking water from urine process called
NAT.
Now if we could just do something to stop BYOD and Ffffacebook.... ;p


Kind regards

> 
> -c
> 

*1  Unix rootkits have been around since at least 1990 (Lane Davis and
Riley Drake). Windows rootkits have been around for a long time too (NT
Rootkit, Greg Hoglund).
https://books.google.com.au/books?id=h37q2q3wvcUC&pg=PA276&redir_esc=y#v=onepage&q&f=false
Log cleaners have been around since at least 1989.

-- 
/* Signature module. The header names were stripped by the list archive;
   the three standard headers a minimal module needs are assumed here. */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>

MODULE_LICENSE("GPL");
int rooty_init(void);
void rooty_exit(void);
module_init(rooty_init);
module_exit(rooty_exit);

/* Runs on insmod: does nothing but announce itself in the kernel log. */
int rooty_init(void) {
	printk(KERN_INFO "rooty: module loaded\n");
	return 0;
}

/* Runs on rmmod. */
void rooty_exit(void) {
	printk(KERN_INFO "rooty: module removed\n");
}

# Makefile (recipe lines must begin with a tab; "obj-m" is lower-case)
obj-m := rooty.o
KERNEL_DIR = /lib/modules/$(shell uname -r)/build
PWD = $(shell pwd)
all:
	$(MAKE) -C $(KERNEL_DIR) M=$(PWD) modules
clean:
	rm -rf *.o *.ko *.symvers *.mod.* *.order
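Scott's point that a documented system lets any root kit be caught by an external audit while the box is not live can be shown with a baseline manifest of file digests and modes, compared against the same tree mounted offline. This is an added example, not code from the thread; it assumes the filesystem to audit is reachable under a path you pass in, and the demo() tree, the "ps" contents and the "rooty.ko" file are constructed sample data.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map relative path -> (sha256, mode) for regular files under root;
    symlinks are recorded by target, not followed. Built once on a known-good
    system (the documented baseline) and again on the same tree offline."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order keeps diffs stable
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = ("symlink", os.readlink(path))
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # devices, sockets and fifos have no content to hash
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            manifest[rel] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return manifest

def compare(baseline, current):
    """Added, removed and modified paths: a replaced binary, a dropped module
    or a flipped setuid bit shows up here even when live tools would lie."""
    base_keys, cur_keys = set(baseline), set(current)
    return {"added": sorted(cur_keys - base_keys),
            "removed": sorted(base_keys - cur_keys),
            "modified": sorted(p for p in base_keys & cur_keys
                               if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: take a baseline, then simulate a rootkit."""
    root = tempfile.mkdtemp()
    ps = Path(root, "bin", "ps")
    ps.parent.mkdir()
    ps.write_bytes(b"original ps binary")
    ps.chmod(0o755)
    baseline = build_manifest(root)
    ps.write_bytes(b"trojaned ps binary")       # replaced binary ...
    ps.chmod(0o4755)                            # ... with setuid now set
    Path(root, "bin", "rooty.ko").write_bytes(b"\x7fELF")  # dropped module
    return compare(baseline, build_manifest(root))
```

The baseline must be stored off the audited host (a signed JSON dump of the manifest is enough), since a manifest kept on the compromised disk can be rewritten along with the binaries.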

-- 
linux mailing list
linux at lists.samba.org
https://lists.samba.org/mailman/listinfo/linux
