Re: ssd attacks; worm? and precautionary steps

From: H.S. (g_reate_xcalibur_at_yahoo.com)
Date: 08/23/05

  • Next message: jayjwa: "Re: ssd attacks; worm? and precautionary steps"
    Date: Mon, 22 Aug 2005 23:13:23 GMT
    
    

    Apparently, _Grant_, on 22/08/05 18:50, typed:

    > You miss the point entirely, unix is not windows, scripts do not

    I am well aware of the fact, thank you.

    > have a particular name, and they're not virus. One would need to

    Perhaps they don't have particular names (btw, which is quite possible in
    the Windows world too). But advisories usually mention such
    scripts/worms/bots/virii or what you have by some noun or by description
    of their behaviour. That was the import of my question.

    > ask why have port 22 open at all for public connections? If you

    For the time being, I cannot move the ssh to another port. Moreover,
    from a Gentoo website, I have realized it is not difficult at all to
    test what other ports sshd is listening on. Obscuring the ssh port may
    decrease the hits or avoid them for a while, but it is not a very strong
    defence mechanism.

    > adminning a machine remotely you may choose a non-standard port and
    > strong authentication. You may put firewall rules in to allow
    > ssh only from known hosts (I do this as I have a unix account
    > elsewhere). You may also limit connection rate to average something
    > like 4/hour. (per user, perhaps).

    Looks like you haven't read my first message in this thread.

    >
    > The point is, detection _after_ violation is too late, and there
    > are easier ways to break a machine.
    >
    > As far as lists go, a modern unix box is likely to have several
    > dictionaries installed, plus wordlists a prudent admin will use to
    > validate her users have reasonably strong passwords.

    Right.

    > Cheers,
    > Grant.

    regards,
    ->HS

    -- 
    Please remove the underscores ( the '_' symbols) from my email address
    to obtain the correct one. Apologies, but the fudging is to remove spam.
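
An added example, not code from either poster: it replays sshd password events against the policy quoted above (ssh from known hosts always allowed, everyone else limited to about 4 connections per hour) to show how many guesses a dictionary run would get. Assumptions: OpenSSH-style log lines, a sliding one-hour window keyed on source address rather than per user, and the hypothetical names KNOWN_HOSTS, LIMIT, WINDOW and replay; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

KNOWN_HOSTS = {"198.51.100.7"}         # assumed allowlist of trusted sources
LIMIT, WINDOW = 4, timedelta(hours=1)  # "something like 4/hour"

# Constructed sample log (RFC 5737 documentation addresses, made-up users).
SAMPLE_LOG = """\
Aug 22 18:00:01 box sshd[311]: Failed password for invalid user admin from 203.0.113.9 port 40110 ssh2
Aug 22 18:00:02 box sshd[312]: Failed password for invalid user test from 203.0.113.9 port 40111 ssh2
Aug 22 18:00:03 box sshd[313]: Failed password for root from 203.0.113.9 port 40112 ssh2
Aug 22 18:00:04 box sshd[314]: Failed password for invalid user guest from 203.0.113.9 port 40113 ssh2
Aug 22 18:00:05 box sshd[315]: Failed password for invalid user oracle from 203.0.113.9 port 40114 ssh2
Aug 22 18:00:06 box sshd[316]: Failed password for invalid user mysql from 203.0.113.9 port 40115 ssh2
Aug 22 18:00:07 box sshd[317]: Failed password for root from 203.0.113.9 port 40116 ssh2
Aug 22 18:05:00 box sshd[320]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Aug 22 18:10:00 box sshd[321]: Failed password for alice from 192.0.2.44 port 52000 ssh2
Aug 22 18:10:20 box sshd[322]: Accepted password for alice from 192.0.2.44 port 52001 ssh2
Aug 22 19:30:00 box sshd[330]: Failed password for invalid user admin from 203.0.113.9 port 40200 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed|Accepted) password for (?:invalid user )?\S+ from (\S+) port")

def replay(log_text, year=2005):
    """Return {source: [admitted, refused]} under the allowlist + rate limit."""
    recent = defaultdict(deque)           # source -> times of admitted connections
    result = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not an sshd password event
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        if src in KNOWN_HOSTS:
            result[src][0] += 1           # trusted hosts bypass the limit
            continue
        window = recent[src]
        while window and when - window[0] >= WINDOW:
            window.popleft()              # forget connections older than an hour
        if len(window) < LIMIT:
            window.append(when)
            result[src][0] += 1
        else:
            result[src][1] += 1           # over the limit: would be refused
    return dict(result)
```

On the sample, the scanning source gets four guesses, is refused for the rest of the hour, and the user who mistyped a password once is unaffected.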
    
