Re: ssd attacks; worm? and precautionary steps
From: H.S. (g_reate_xcalibur_at_yahoo.com)
Date: Mon, 22 Aug 2005 23:13:23 GMT
Apparently, _Grant_, on 22/08/05 18:50, typed:
> You miss the point entirely, unix is not windows, scripts do not
I am well aware of the fact, thank you.
> have a particular name, and they're not virus. One would need to
Perhaps they don't have particular names (btw, which is quite possible in
the Windows world too). But advisories usually mention such
scripts/worms/bots/virii or what have you by some noun or by description
of their behaviour. That was the import of my question.
> ask why have port 22 open at all for public connections? If you
For the time being, I cannot move the ssh to another port. Moreover,
from a Gentoo website, I have realized it is not difficult at all to
test what other ports sshd is listening on. Obscuring the ssh port may
decrease the hits or avoid them for a while, but it is not a very strong
> adminning a machine remotely you may choose a non-standard port and
> strong authentication. You may put firewall rules in to allow
> ssh only from known hosts (I do this as I have a unix account
> elsewhere). You may also limit connection rate to average something
> like 4/hour. (per user, perhaps).
Looks like you haven't read my first message in this thread.
> The point is, detection _after_ violation is too late, and there
> are easier ways to break a machine.
> As far as lists go, a modern unix box is likely to have several
> dictionaries installed, plus wordlists a prudent admin will use to
> validate her users have reasonably strong passwords.
--
Please remove the underscores (the '_' symbols) from my email address to obtain the correct one. Apologies, but the fudging is to remove spam.