Re: Need urgent help regarding security

From: Danny Carroll (danny_at_dannysplace.net)
Date: 11/21/05

    To: "Marian Hettwer" <MH@kernel32.de>, "Jeremie Le Hen" <jeremie@le-hen.org>
    Date: Mon, 21 Nov 2005 15:01:45 +0100
    
    

    > you're right with that assumption. And yes, given the above scenario,
    > letting the sshd run on a different port would help. However, your
    > scenario counts to any daemon listening on any port. What would you like
    > to do? Moving httpd, smtpd and whoever to another port? :)
    > I'd rather say, use any tools available within FreeBSD to make your box
    > as secure as you need it to be. I'm thinking of fine things like
    > kern.securelevel for instance :)

    But sshd can be moved without problem. Moving httpd or, worse, sendmail
    would break things.
    Also, I don't think anyone here would suggest that this is a replacement of
    other good security practices, such as those you mention, only something to
    add to if you wish.

    > Being confident that the OpenSSH guys are good developers too, I'm not
    > that much afraid of the hackers you mentioned above (and of course no
    > script-kiddies either) :-)

    Just because they are good does not mean they don't make mistakes.

    > It's definitely not my intention to troll. If somebody thinks that I do,
    > I'm sorry in advance. I just have the strong feeling that moving a
    > daemon to another port (where it doesn't belong) won't gain any security.

    The point here is, there are no ill effects from moving it, and possibly,
    in some cases, it actually prevents a break-in.
    It might not be necessary 99.99% of the time, but if it saves you once,
    then it's paid for itself.

    -D
