FYI - Aidra botnet

Added by Andrew Daviel over 1 year ago

It seems that there is a botnet on the Internet targeting ARM-based devices running Linux such as cable modems, home routers etc. Part of this effort is a small scanner which looks for open telnet servers with a trivial password, and then reports back results via IRC. The install script shuts down the telnet server and firewalls it to prevent double infection. Symptoms include files/processes such as /var/run/ax and a lot of outbound telnet traffic.

E.g. http://vierko.org/tech/lightaidra-0x2012/

The out-of-box configuration of the MityARM-335x development kit is vulnerable to this attack if connected to an open network.


Replies (1)

RE: FYI - Aidra botnet - Added by Michael Williamson over 1 year ago

Hello Mr. Daviel,

Thanks for the heads up. The MityARM-335x filesystem that comes with the development kit is not hardened. It is not suitable for deploying on systems on the internet (without a firewall) without modification to things such as the password configurations, telnet, etc. It is really set up as a development kit for ease of access to allow developers to assess the basic performance of the module. The root password is not configured, and utilities such as telnet are installed for ease of access. This filesystem is basically the same one as what TI provides with the AM3359 Evaluation Kit with minor modifications to support the MityARM-3359 hardware configurations.

If you are looking for a hardened, deployment-ready filesystem, you might consider working with our Timesys partner. They specialize in supporting various Linux distributions and have an active BSP for the MityARM-3359 devkit. I am sure that they provide appropriate packages (ssh, PAM, various authentication packages, etc.) to allow for hardened network deployment. You might also check out the Angstrom distribution toolchain and fileserver files section and/or perhaps modifying the filesystems from the BeagleBone project, which for the most part should work with the MityARM-335X platform as long as you use the kernel and U-Boot provided by Critical Link.

Many apologies if we have somehow conveyed that the developer kit filesystem was hardened / secure. No effort has been made to do so with the development kit.

-Mike
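As an added example that is not part of either post, the following POSIX shell script audits a device root filesystem for the weaknesses the reply names (empty root password, telnet left enabled) and for the symptoms the first post names (the /var/run/ax file and a burst of outbound telnet connections). The sample rootfs and the netstat-style listing are constructed; using /etc/inetd.conf as the telnet enablement file is an assumption, not something the thread states.

```shell
#!/bin/sh
# Added audit helper, not from the thread. Assumes telnetd is enabled via
# /etc/inetd.conf; the sample rootfs and netstat listing are constructed.
# Print one line per weakness found under ROOT; exit status 1 if any.
audit_rootfs() {
    root=$1; n=0
    # An empty second field in /etc/shadow is an account with no password.
    if awk -F: '$2 == "" { f=1 } END { exit !f }' "$root/etc/shadow" 2>/dev/null; then
        echo "FINDING: account with empty password in /etc/shadow"; n=$((n+1))
    fi
    # An uncommented telnet line in inetd.conf means telnetd is reachable.
    if grep -Eq '^[[:space:]]*telnet[[:space:]]' "$root/etc/inetd.conf" 2>/dev/null; then
        echo "FINDING: telnet service enabled in /etc/inetd.conf"; n=$((n+1))
    fi
    # The first post names /var/run/ax as a symptom of infection.
    if [ -e "$root/var/run/ax" ]; then
        echo "FINDING: Aidra indicator file /var/run/ax present"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}
# Count outbound connections to remote port 23 (scanner traffic) on stdin,
# in "netstat -tn" layout: proto recv-q send-q local foreign state.
count_outbound_telnet() {
    awk '$5 ~ /:23$/ && ($6 == "SYN_SENT" || $6 == "ESTABLISHED") { c++ }
         END { print c + 0 }'
}
# Constructed unhardened rootfs mirroring the devkit defaults described above.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/run"
    printf 'root::15000:0:99999:7:::\n' > "$d/etc/shadow"
    printf 'telnet stream tcp nowait root /usr/sbin/telnetd telnetd\n' > "$d/etc/inetd.conf"
    : > "$d/var/run/ax"
    echo "$d"
}
# Constructed listing: three half-open telnet probes, one ssh session, one live telnet.
SAMPLE_NETSTAT='tcp 0 0 192.168.1.10:41022 10.0.0.5:23 SYN_SENT
tcp 0 0 192.168.1.10:41023 10.0.0.6:23 SYN_SENT
tcp 0 0 192.168.1.10:22 192.168.1.2:50112 ESTABLISHED
tcp 0 1 192.168.1.10:41024 10.0.0.7:23 SYN_SENT
tcp 0 0 192.168.1.10:41025 10.0.0.8:23 ESTABLISHED'

# Demonstration on the constructed sample; point audit_rootfs at a mounted image instead.
SAMPLE=$(make_sample_rootfs)
audit_rootfs "$SAMPLE" || echo "rootfs is NOT hardened"
echo "outbound telnet connections: $(printf '%s\n' "$SAMPLE_NETSTAT" | count_outbound_telnet)"
rm -rf "$SAMPLE"
```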
