[Novalug] Powerful, highly stealthy Linux trojan may have infected victims for years | Ars Technica

Rich Kulawiec rsk@gsp.org
Wed Dec 10 08:21:52 EST 2014


On Tue, Dec 09, 2014 at 01:39:38PM -0500, William Sutton via Novalug wrote:
> one of my co-workers who was making the transition from sysadmin to
> programming, rigged up a soekris running BSD and pf to demonstrate
> that it could be done for much less than $50k, but it didn't cost
> enough to make management believe it... AFAIK, management never did
> replace it.

I've spent some time with Cisco PIX gear.  Ugh.  Give me OpenBSD and pf
any day of the week over that.  Far cheaper, open source, much more
powerful, much less buggy, runs on generic hardware at rates approaching
NIC speed, and avoids the question of back doors...which, as we've
learned over the past year, is unfortunately an issue that we now
have to consider.  It also does nifty things like passive OS fingerprinting,
which has its applications in attack/abuse control. (e.g. if you know
a priori that all systems initiating inbound ssh connections will be
Linux or BSD or Solaris or &etc., and that no systems initiating inbound
ssh connections will be Windows, you can use passive OS fingerprinting
to block the latter outright.  This immediately blocks all brute-force
ssh attacks originating from the couple hundred million zombied/botted
Windows boxes out there.)

---rsk
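The blocking rule described above, written out as a pf.conf fragment. This is an added illustration, not configuration from the original post; the interface name, the address list and the use of OpenBSD-style `match ... scrub` syntax are assumptions.

```pf
# Added example (not from the original post): use pf's passive OS
# fingerprinting to refuse inbound SSH from hosts whose TCP SYN looks like
# Windows. Interface name "em0" is an assumption.
ext_if = "em0"

# Normalization first; the OS fingerprint is taken from the initial SYN,
# so scrub the packet before the filter rules see it (OpenBSD-era syntax;
# older releases use "scrub in all" instead).
match in all scrub (no-df)

# Drop and log SSH attempts whose SYN matches any Windows fingerprint.
# The class name "Windows" covers every Windows entry in /etc/pf.os.
block in quick log on $ext_if proto tcp from any os "Windows" \
    to ($ext_if) port ssh

# Admit the stacks we actually expect to see, and cap the connection rate
# per source so a misidentified or unknown client still cannot hammer sshd.
pass in on $ext_if proto tcp \
    from any os { "Linux", "OpenBSD", "FreeBSD", "Solaris" } \
    to ($ext_if) port ssh keep state \
    (max-src-conn-rate 5/60, overload <bruteforce> flush global)

# Sources that exceed the rate land in this table and are blocked outright.
table <bruteforce> persist
block in quick on $ext_if from <bruteforce>
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and `pfctl -s osfp` lists the fingerprint names pf knows. Two caveats: the fingerprint is read only from the TCP SYN, so a stack with unusual tunables (or a client behind a proxy) may match "unknown" rather than its real class, and the rule is only a coarse filter. Pairing it with the rate limit above keeps a misclassified brute-forcer from slipping through.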


