Re: ssd attacks; worm? and precautionary steps
From: Grant (g_r_a_n_t__at_dodo.com.au)
Date: 08/23/05
- Next message: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Previous message: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- In reply to: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Next in thread: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Reply: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Aug 2005 08:50:30 +1000
On Mon, 22 Aug 2005 20:33:31 GMT, "H.S." <g_reate_xcalibur@yahoo.com> wrote:
>or list of usernames and passwords. Clearly if the script has been
>authored by someone with "half a talent for scripting", how come admins
>with greater talent haven't found it out (at least it's name or some of
>it's salient features)? And if no one knows about the script, how come
>we are assuming that it tries usernames and passwords and not something
>advanced that targets sshd or Linux kernel weaknesses?
You miss the point entirely, unix is not windows, scripts do not
have a particular name, and they're not virus. One would need to
ask why have port 22 open at all for public connections? If you
adminning a machine remotely you may choose a non-standard port and
strong authentication. You may put firewall rules in to allow
ssh only from known hosts (I do this as I have a unix account
elsewhere). You may also limit connection rate to average something
like 4/hour. (per user, perhaps).
The point is, detection _after_ violation is too late, and there
are easier ways to break a machine.
As far as lists go, a modern unix box is likely to have several
dictionaries installed, plus wordlists a prudent admin will use to
validate her users' have reasonably strong passwords.
Cheers,
Grant.
- Next message: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Previous message: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- In reply to: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Next in thread: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Reply: H.S.: "Re: ssd attacks; worm? and precautionary steps"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
