Re: Why didn't Roy post this "news" item?

Home	Messages Index

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index

Re: Why didn't Roy post this "news" item?

Subject: Re: Why didn't Roy post this "news" item?
From: "Ezekiel" <there@xxxxxxxx>
Date: Thu, 26 Mar 2009 19:33:33 -0400
Bytes: 3508
Cancel-lock: sha1:bnME+TCIkSC5UcCCWI0FxMhy0ls=
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
References: <5ax0yxhdzdjf.dlg@xxxxxxxxxxxxxxx> <gqggdv$k42$1@xxxxxxxxxxxxxxxxx> <4zxez34yuyqv.dlg@xxxxxxxxxxxxxxx> <gqgjoi$hr4$01$1@xxxxxxxxxxxxxxxxx>
Xref: ellandroad.demon.co.uk comp.os.linux.advocacy:751383

"Peter Köhlmann" <peter-koehlmann@xxxxxxxxxxx> wrote in message 
news:gqgjoi$hr4$01$1@xxxxxxxxxxxxxxxxxxxx
> Erik Funkenbusch wrote:
>
>> On Thu, 26 Mar 2009 19:10:04 +0100, Sermo Malifer wrote:
>>
>>> Erik Funkenbusch wrote:
>>>
>>>> "We have come across a botnet worm spreading around called "psyb0t".
>>>> It is notable because, according to my knowledge, it:
>>>>
>>>> ?is the first botnet worm to target routers and DSL modems"
>>>>
>>>> http://dronebl.org/blog/8
>>>>
>>>> Those routers and DSL modems are running Linux, specifically
>>>> Open/DD-WRT.
>>>>
>>>> Apparently there's over 100,000 bots in this botnet.
>>>>
>>>> Funny how he talks about Botnets all the time, but when one shows up
>>>> on Linux, he's strangely silent.
>>>>
>>>> Odd.
>>>
>>> "Am I Vulnerable?"
>>>
>>> "You are only vulnerable if:
>>>
>>> Your device is a mipsel (MIPS running in little-endian mode, this is
>>> what the worm is compiled for) device.
>>>
>>> Your device also has telnet, SSH or web-based interfaces available to
>>> the WAN, and
>>>
>>> Your username and password combinations are weak, OR the daemons that
>>> your firmware uses are exploitable."
>>>
>>> "As such, 90% of the routers and modems participating in this botnet
>>> are participating due to user-error (the user themselves or otherwise).
>>> Unfortunately, it seems that some of the people covering this botnet do
>>> not understand this point, and it is making us look like a bunch of
>>> idiots."
>>>
>>> "Any device that meets the above criteria is vulnerable, including
>>> those built on custom firmware such as OpenWRT and DD-WRT. If the above
>>> criteria is not met, then the device is NOT vulnerable."
>>
>> And your point?
>>


>> Despite all those "limitations", there were estimated to be more than
>> 100,000 infected routers.
>
> "Estimated" by what evidence?
> In short, from which nether regions were those numbers pulled?

Yet when your superior Roy Schestowitz posts thne "estimated" size of a 
Windows botnet you have no problem accepting those estimates as if they 
were gospel.

"Köhlmann"... is that how "hypocrite" is pronounced in German?

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index