On Sat, 04 Aug 2012 17:40:53 -0300, Henrique de Moraes Holschuh wrote: > On Sat, 04 Aug 2012, Camaleón wrote: >> > I know the constant connection is a multicast address, but what is >> > this other stuff? It looks like something is broken/misconfigured or >> > an outright hack of the Debian repository has occurred and many >> > Debian systems are now part of a botnet. >> >> Linux as part of a botnet? That's a good one :-P > > Now, here I will have to step in. No, it is not a good one. Linux > nodes _are_ commonly co-opted to act as C&C for botnets. And > browser-based ephemeral botnet nodes (in javascript, installed by > drive-by attacks) DO work in Linux.
I've never read about linux boxes being used as bots, can you please indicate any report/stats about that fact? (and please, do not put linux *servers* in the same bag, I speak here about linux *desktops* not computers with opened ports and running out-of- date and unpatched software) >> > My Debian box is staying offline until I find out what is going on. >> >> That's sounds a bit radical :-o > > It is actually a very responsible way of handling it. With the given data? Running Debian? Behind a home router which usually come by default with NAT and firewall enabled? I don't think so. Really. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jvk2fk$dtf$1...@dough.gmane.org
