I've been seeing frightening headlines about a new threat to Linux-based routers. "Moose - the router worm with an appetite for social networks", "Dissecting the Linux/Moose malware", "Moose worm targeting Linux-based routers and systems" and more. Bar the door and get out the rifles, boys: we are under attack!
There's even an imposing list of "affected vendors": 3Com, Alcatel-Lucent, Allied Telesis, Avaya, Belkin, Brocade, Buffalo, Celerity, Cisco, D-Link, Enterasys, Hewlett-Packard, Huawei, Linksys, Mikrotik, Netgear, Meridian, Nortel, SpeedStream, Thomson, TP-Link, Zhone, ZyXEL and more. Forget the rifles, we need cannons!
Really? According to an Ars Technica article that came complete with a scary graphic, the Linux/Moose malware "exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials".
Say what? Telnet? Default credentials?
Honestly, how can you look at me with a straight face and call this a Linux security issue? ANY ROUTER WITH DEFAULT CREDENTIALS IS A SECURITY THREAT! This isn't a Linux security issue; it's an idiot's security issue!
On my systems, I'm meeting this threat head-on by doing absolutely nothing. I never had telnet open to start with and default credentials were changed before any of my routers first connected to the internet. Linux security threat? Nonsense.
© 2015-06-02 Anthony Lawrence