Re: What can I do about breakin attempts?



On Sun, 26 Feb 2006, in the Usenet newsgroup comp.os.linux.security, in article
<20060226042451.11f5899a@xxxxxxxxxxxx>, Ertugrul Soeylemez wrote:

> ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin) (06-02-25 14:23:48):
>
>> Why is your server accepting connections from the world? Use your
>> firewall to restrict access to the limited number of addresses (or
>> address ranges) where you might actually want to connect. Another
>> tack is to move the server to a non-standard port.
>
> I don't really get why nobody here has ever heard anything about
> key-based authentication. It makes brute-force attacks practically
> impossible.

As Larry Wall likes to say, "There's more than one way to do it."

By restricting the allowed IP addresses, and/or moving the service to
an uncommon port number, I don't see these attempts. The bottom line
answer is "what works for you".

> You (Moe) seem to be particularly interested in cryptography. I
> expected that _you_ would be the first to recommend that.

I'm a networking guy, not a crypto student. Blocking/moving comes to my
mind as the quickest solution. There is nothing to prevent combining
these techniques, nor is there much in choice of one over the other.
Actually, what I'm looking at right now is a port-knocking solution as
an alternative to restricting the IP range, though still using random
destination port numbers.

Old guy
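
The three measures discussed in this thread (key-only authentication, a non-default port, source-address restriction) can be checked mechanically; the following is an added example, not part of the original post, and it assumes the service in question is OpenSSH's sshd. Firewall rules and port knocking are not visible from sshd_config, so the source check looks only at sshd's own USER@HOST form of AllowUsers; the function name and both sample configs are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes the attacked service is OpenSSH sshd.
# Reads an sshd_config on stdin and prints one line per mitigation from the thread
# that is missing. Only the global section is read; Include files are not followed.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        { key = tolower($1) }                         # keywords are case-insensitive
        key == "match" { exit }                       # stop at the first Match block
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        key == "port" { nports++; if ($2 == "22") p22 = 1; next }   # Port may repeat
        key == "allowusers" {                         # entries are USER or USER@HOST
            au = 1
            for (i = 2; i <= NF; i++) if ($i !~ /@/) anyhost = 1
            next
        }
        !(key in val) { val[key] = tolower($2) }      # sshd keeps the first value seen
        END {
            pw  = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
            kbd = ("kbdinteractiveauthentication" in val) ? val["kbdinteractiveauthentication"] : "yes"
            if (pw != "no" || kbd != "no")
                print "auth: passwords still accepted, so guessing remains possible"
            if (!nports || p22)
                print "port: listening on the default port 22"
            if (!au || anyhost)
                print "source: at least one account may log in from any address"
        }'
}

# Constructed sample configs (addresses are from the 192.0.2.0/24 documentation range).
WEAK_CONFIG='port 22
#PasswordAuthentication no
AllowUsers admin@192.0.2.* backup'
HARDENED_CONFIG='Port 48022
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers admin@192.0.2.*'

echo "weak:";     printf '%s\n' "$WEAK_CONFIG"     | audit_sshd_config
echo "hardened:"; printf '%s\n' "$HARDENED_CONFIG" | audit_sshd_config
```

The weak sample trips all three checks because the commented-out directive leaves password authentication at its default and the `backup` entry carries no host pattern; the hardened sample prints nothing.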