So as a new Linux guy that just has Ubuntu installed on a laptop running media server, sounds like I shouldn’t be worried since it is NAT’d behind my router and this worm compromises telnet and SSH connections. Am I getting the gist right? Totally newb here again.
Conventional Linux use should be fine. It’s targeting SSH connections to other things over the net; connecting to a server, remote camera, etc. So it reverse engineers the connection by brute-forcing(?) Weak ssh passwords to install the malware.
I’m not an IT professional but this is my layman interpretation.
The telnet vulnerability allows it to infect some older IoT devices (such as CCTV cameras) or if you are using an older router where telnet is enabled (or may be enabled by default). Most modern devices don’t use that method anymore due to security concerns.
The SSH vulnerability can affect a lot more devices. So if you have a Raspberry Pi on your network with a default account/password or a weak password then it can infect that and spread to other devices on your local network. Or maybe a cheap IoT device that has weak security… same problem.
A concern for you is if you have some other device on your network that was vulnerable, because then that device can serve as a point for the worm to jump to your other devices (if they also use default passwords or weak passwords).
Another big question to ask is whether you have UPnP enabled on your router.
Either way I would make sure that you have strong passwords, change the default username, etc, on all of your devices.
People are giving some advice but it doesn’t seem appropriate for an absolute newbie. Here’s what I’d say. Absolutely do not run telnet. Because it’s so insecure and everyone knows that, it’s usually not on by default, and you would have had to start it yourself somehow. It’s unlikely that you did that, but you can check to see.
If you’re new, you very likely don’t need an SSH server running. Unless you’re logging into that computer remotely, you don’t need it. It’s probably not running, but it’s conceivable that it could run by default. Check to see and disable it if you don’t need remote login.
If you do need remote login, use SSH and use a very good password. Ideally, you’d need to leave newbie territory and use public-private keys instead of a password. It’s also not a bad idea to use a nonstandard port, instead of 22. That doesn’t beef security much, but many scanners are going to look for 22 and nothing else.
Thank you for the well thought out response! I, myself do know my way around networking a bit. Linux in general is what I am just now dipping my toes in. Loving it and learning a lot.
So as a new Linux guy that just has Ubuntu installed on a laptop running media server, sounds like I shouldn’t be worried since it is NAT’d behind my router and this worm compromises telnet and SSH connections. Am I getting the gist right? Totally newb here again.
Systems with exposed SSHd, but also properly configured, are also not at risk.
Conventional Linux use should be fine. It’s targeting SSH connections to other things over the net; connecting to a server, remote camera, etc. So it reverse engineers the connection by brute-forcing(?) Weak ssh passwords to install the malware.
I’m not an IT professional but this is my layman interpretation.
Hard to tell at a glance.
The telnet vulnerability allows it to infect some older IoT devices (such as CCTV cameras) or if you are using an older router where telnet is enabled (or may be enabled by default). Most modern devices don’t use that method anymore due to security concerns.
The SSH vulnerability can affect a lot more devices. So if you have a Raspberry Pi on your network with a default account/password or a weak password then it can infect that and spread to other devices on your local network. Or maybe a cheap IoT device that has weak security… same problem.
A concern for you is if you have some other device on your network that was vulnerable, because then that device can serve as a point for the worm to jump to your other devices (if they also use default passwords or weak passwords).
Another big question to ask is whether you have UPnP enabled on your router.
Either way I would make sure that you have strong passwords, change the default username, etc, on all of your devices.
People are giving some advice but it doesn’t seem appropriate for an absolute newbie. Here’s what I’d say. Absolutely do not run telnet. Because it’s so insecure and everyone knows that, it’s usually not on by default, and you would have had to start it yourself somehow. It’s unlikely that you did that, but you can check to see.
If you’re new, you very likely don’t need an SSH server running. Unless you’re logging into that computer remotely, you don’t need it. It’s probably not running, but it’s conceivable that it could run by default. Check to see and disable it if you don’t need remote login.
If you do need remote login, use SSH and use a very good password. Ideally, you’d need to leave newbie territory and use public-private keys instead of a password. It’s also not a bad idea to use a nonstandard port, instead of 22. That doesn’t beef security much, but many scanners are going to look for 22 and nothing else.
Thank you for the well thought out response! I, myself do know my way around networking a bit. Linux in general is what I am just now dipping my toes in. Loving it and learning a lot.
Can you connect to your server when not on your network?
If no, you’re definitely ok.
There will always be new malware. Just update regularly and use your head. Don’t worry about it too much