Re: ssd attacks; worm? and precautionary steps

• Previous message: Grant: "Re: ssd attacks; worm? and precautionary steps"
• In reply to: Grant: "Re: ssd attacks; worm? and precautionary steps"
• Next in thread: Barton L. Phillips: "Re: ssd attacks; worm? and precautionary steps"
• Reply: Barton L. Phillips: "Re: ssd attacks; worm? and precautionary steps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 22 Aug 2005 23:13:23 GMT

Apparently, _Grant_, on 22/08/05 18:50,typed:

> You miss the point entirely, unix is not windows, scripts do not

I am well aware of the fact thank you.

> have a particular name, and they're not virus. One would need to

Perhaps they don't have particular names (btw, which quite possible in
Windows world too). But advisories usually mentioned such
scripts/worms/bots/virii or what you have by some noun or by description
of their behaviour. That was the import of my question.

> ask why have port 22 open at all for public connections? If you

For the time being, I cannot move the ssh to another port. Moreover,
from a Gentoo website, I have realized it is not difficult at all to
test what other ports sshd is listening on. Obscuring the ssh port may
decrease the hits or avoid them for a while, but it is not a very strong
defence mechanism.

> adminning a machine remotely you may choose a non-standard port and
> strong authentication. You may put firewall rules in to allow
> ssh only from known hosts (I do this as I have a unix account
> elsewhere). You may also limit connection rate to average something
> like 4/hour. (per user, perhaps).

Looks like you haven't read my first message in this thread.

>
> The point is, detection _after_ violation is too late, and there
> are easier ways to break a machine.
>
> As far as lists go, a modern unix box is likely to have several
> dictionaries installed, plus wordlists a prudent admin will use to
> validate her users' have reasonably strong passwords.

Right.

> Cheers,
> Grant.

regards,
->HS

-- 
Please remove the underscores ( the '_' symbols) from my email address
to obtain the correct one. Apologies, but the fudging is to remove spam.

• Previous message: Grant: "Re: ssd attacks; worm? and precautionary steps"
• In reply to: Grant: "Re: ssd attacks; worm? and precautionary steps"
• Next in thread: Barton L. Phillips: "Re: ssd attacks; worm? and precautionary steps"
• Reply: Barton L. Phillips: "Re: ssd attacks; worm? and precautionary steps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]