Found, a new rootkit

jdow jdow at earthlink.net
Sat Apr 1 22:45:03 UTC 2006


From: "Les Mikesell" <lesmikesell at gmail.com>

> On Sat, 2006-04-01 at 10:28, Craig White wrote:
> 
>> I hear people talk about the lack of security in Windows but it seems to
>> me, exposing a Linux system to the Internet with shell accounts and weak
>> passwords is far more insecure than a typical Windows system.
> 
> There's about 50,000 reasons you are wrong, mostly in the form
> of Windows viruses that attack the RPC and similar services.
> On Windows you don't need the equivalent of shell access since
> you can do anything through the remote management console.  As
> long as unpatched exploits exist (and they are still being
> found), passwords don't matter.  Even without exploits, anything
> running with domain admin privileges can do anything/anywhere
> and if you don't have a domain the same is true for machines
> that share the same admin password.  Thus even if the RPC,
> NetBIOS, and HTTP ports are firewalled, if you can get an
> admin to execute a trojan or open an email that auto-executes,
> you've got access to the whole network.
> 
> Not that your point about bad passwords is any less valid...  The
> missing piece on Linux is an option to rate-limit password guessing
> in ssh and automatically blacklist addresses that fail more than
> a few times.  There are some add-on wrappers, but sshd should
> do it by itself with some sane defaults.

Even more effective is firewalling them off for too many SYN attempts
in too little time. Then have a recovery function to handle brain-dead
sales creatures by having the block decay away with time.

{^_^}



