Re: Need urgent help regarding security

ray_at_redshift.com
Date: 11/18/05

  • Next message: Josh Paetzel: "Re: Need urgent help regarding security"
    Date: Thu, 17 Nov 2005 23:20:57 -0800
    To: Timothy Smith <timothy@open-networks.net>
    
    

    At 02:42 PM 11/18/2005 +1000, Timothy Smith wrote:
    | i have seen a similar attack recently doing a brute force ssh. the
    | number ONE weakness in most poorly run IT systems, is easy passwords.
    | it's amazingly easy to brute force these systems using common names or
    | variations of them.

    Speaking of SSH, if you have to provide SSH service via a public IP# (and you
    are unable to limit traffic to just specific management/workstation IP#'s), then
    it's always a good idea to confirm that root login is not enabled in
    /etc/ssh/sshd_config. This makes a brute force attack much more difficult, since
    a would-be attacker not only has to hit the correct password, but they also have
    to know a valid username on the system (as opposed to just using 'root') during
    an attack.

    Also, if you have access to the router, it's handy to re-write traffic from a
    higher public port down to port 22 on the server, since that will trip up anyone
    doing scans looking for a connect on port 22 across a large number of IP's.

    Anyway, just a couple of ideas I thought might be helpful while on the subject
    of SSH hardening :-)

    Ray

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
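
The root-login check suggested in the message above, as an added example that is not part of the original post: a POSIX shell function that reports the global PermitRootLogin value in an sshd_config-style file. It assumes sshd's documented parsing rules (case-insensitive keywords, first value found wins, settings after a Match line are conditional) and does not follow Include files; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global PermitRootLogin setting of an sshd_config file.

# Print the first global PermitRootLogin value, or "unset" if the global
# section (everything before the first Match line) never sets it.
permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            match(line, /^[A-Za-z0-9]+/)         # keyword is the first token
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)      # "Keyword value" or "Keyword = value"
            gsub(/"/, "", val)
            split(val, parts, /[ \t]+/)
            if (key == "match") exit             # conditional blocks start here
            if (key == "permitrootlogin") { print parts[1]; found = 1; exit }
        }
        END { if (!found) print "unset" }        # compiled-in default applies
    ' "$1"
}

# Succeed only when the file explicitly disables root login globally.
root_login_disabled() {
    [ "$(permit_root_login "$1")" = "no" ]
}

# Constructed sample config: a commented-out line, a lowercase keyword using
# "=", a later duplicate that sshd ignores, and a Match block override.
write_sample() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin = no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "global PermitRootLogin: $(permit_root_login "$sample")"
root_login_disabled "$sample" && echo "root login is disabled globally"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including the compiled-in default that applies when the file leaves the keyword unset.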

