Re: ssd attacks; worm? and precautionary steps

From: H.S. (g_reate_xcalibur_at_yahoo.com)
Date: 08/23/05

  • Next message: jayjwa: "Re: ssd attacks; worm? and precautionary steps"
    Date: Mon, 22 Aug 2005 23:13:23 GMT
    
    

    Apparently, _Grant_, on 22/08/05 18:50, typed:

    > You miss the point entirely, unix is not windows, scripts do not

    I am well aware of the fact, thank you.

    > have a particular name, and they're not virus. One would need to

    Perhaps they don't have particular names (btw, which is quite possible in
    the Windows world too). But advisories usually mention such
    scripts/worms/bots/virii or what you have by some noun or by description
    of their behaviour. That was the import of my question.

    > ask why have port 22 open at all for public connections? If you

    For the time being, I cannot move the ssh to another port. Moreover,
    from a Gentoo website, I have realized it is not difficult at all to
    test what other ports sshd is listening on. Obscuring the ssh port may
    decrease the hits or avoid them for a while, but it is not a very strong
    defence mechanism.

    > adminning a machine remotely you may choose a non-standard port and
    > strong authentication. You may put firewall rules in to allow
    > ssh only from known hosts (I do this as I have a unix account
    > elsewhere). You may also limit connection rate to average something
    > like 4/hour. (per user, perhaps).

    Looks like you haven't read my first message in this thread.

    >
    > The point is, detection _after_ violation is too late, and there
    > are easier ways to break a machine.
    >
    > As far as lists go, a modern unix box is likely to have several
    > dictionaries installed, plus wordlists a prudent admin will use to
    > validate her users have reasonably strong passwords.

    Right.

    > Cheers,
    > Grant.

    regards,
    ->HS

    -- 
    Please remove the underscores ( the '_' symbols) from my email address
    to obtain the correct one. Apologies, but the fudging is to remove spam.
    
