Re: openssh concerns



On Fri, 2 Oct 2009, johnea wrote:
Garrett Wollman wrote:
[..]
tcp4 0 0 atom.60448 host154.advance.com.ar.auth TIME_WAIT

"auth" is the port number used by the IDENT protocol.

-GAWollman

Thank You to everyone who responded!

In fact I did discover these lines in hosts.allow:

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.
ALL : PARANOID : RFC931 20 : deny

This is what was generating the auth protocol socket.

I've disabled it to prevent the establishment of the auth socket to hosts
who are attempting to break in.

Per another suggestion I also intend to change the port for ssh to a
non-standard number (after synchronizing with the users of course 8-)

This will provide the greatest relief against drive-by ssh probes, which
are pretty much background radiation these days. Some may decry it as
'security by obscurity', but who cares when it works so effectively :)

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers provides a
reasonably useful list of ports NOT to choose for an obscure ssh port.

cheers, Ian
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
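As an added example (not part of the post above and not FreeBSD's or OpenSSH's own code): a small POSIX sh helper for the port-change step, which checks a candidate port against a services list so you do not land on an assigned one, walks upward to the first unassigned port, and rewrites the Port directive in a copy of sshd_config before the live file is touched. The services and sshd_config contents are constructed samples, and the function names (port_is_assigned, choose_ssh_port, set_sshd_port, current_sshd_port) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pick an unassigned TCP port for sshd and rewrite a copy of
# sshd_config. Everything below is constructed sample data, not a real
# /etc/services or /etc/ssh/sshd_config.

# Constructed excerpt of /etc/services (well-known assignments only).
SERVICES_SAMPLE="$(cat <<'EOF'
ftp             21/tcp
ssh             22/tcp
auth            113/tcp    ident tap
microsoft-ds    445/tcp
submission      587/tcp
EOF
)"

# port_is_assigned PORT [SERVICES_TEXT]
# Exit 0 when PORT/tcp is listed (a poor choice for a "non-standard" sshd
# port), 1 otherwise. Defaults to the sample above; pass "$(cat /etc/services)"
# to check the real file.
port_is_assigned() {
    port="$1"
    text="${2:-$SERVICES_SAMPLE}"
    printf '%s\n' "$text" | grep -Eq "^[^#[:space:]]+[[:space:]]+${port}/tcp([[:space:]]|\$)"
}

# choose_ssh_port START [SERVICES_TEXT]
# Print the first port >= START that is not assigned for tcp in the services
# text; exit 1 (printing nothing) if none is found below 65536.
choose_ssh_port() {
    candidate="$1"
    text="${2:-$SERVICES_SAMPLE}"
    while [ "$candidate" -le 65535 ]; do
        if ! port_is_assigned "$candidate" "$text"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        candidate=$((candidate + 1))
    done
    return 1
}

# set_sshd_port CONFIG_FILE PORT
# Replace the existing Port line (commented out or active) with "Port PORT",
# or append one if the file has none. Writes via a temp file so a failed sed
# leaves the original untouched. Point it at a copy first, then diff.
set_sshd_port() {
    cfg="$1"
    port="$2"
    tmp="${cfg}.tmp.$$"
    if grep -Eq '^#?[[:space:]]*Port[[:space:]]+[0-9]+' "$cfg"; then
        sed -E "s/^#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port ${port}/" "$cfg" > "$tmp" \
            && mv "$tmp" "$cfg"
    else
        printf 'Port %s\n' "$port" >> "$cfg"
    fi
}

# current_sshd_port CONFIG_FILE
# Print the effective Port value; sshd's default is 22 when no Port line is active.
current_sshd_port() {
    p="$(grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | tail -n 1 | awk '{print $2}')"
    printf '%s\n' "${p:-22}"
}

# Demonstration on a throwaway file with constructed contents.
demo_cfg="$(mktemp)"
printf '#Port 22\nPermitRootLogin no\n' > "$demo_cfg"
new_port="$(choose_ssh_port 2222)"
set_sshd_port "$demo_cfg" "$new_port"
printf 'chosen port %s; config now says Port %s\n' "$new_port" "$(current_sshd_port "$demo_cfg")"
rm -f "$demo_cfg"
```

Run it against the real list with `choose_ssh_port 2222 "$(cat /etc/services)"`, apply the result to a copy of /etc/ssh/sshd_config, and remember to open the new port in the packet filter and tell the users before restarting sshd; the script deliberately does not touch the live file or restart anything.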