Re: What can I do about breakin attempts?



On Mon, 27 Feb 2006 05:18:55 +0100, Ertugrul Soeylemez <never@xxxxxxxxxxxxxx> wrote:

> Still, isn't it much better to make brute-forcing (practically)
> impossible? If you're a network guy, then you should know that keys are
> not just more secure, but also much easier to manage/handle; one single
> key for every machine you want to connect to -- without security risks.

Security is based on possibilities, not on assuming that some particular
solution is a cure-all --> that way lie surprises ;)

> However, your non-standard port approach will keep arbitrary
> script-kiddies away, but not a 'real' attacker. He will find the port,
> and he will also discover your knockd secret, if he has some good reason
> to break into your system.

A real attacker is not targeting a particular box; they're looking
for the easy pickings. If port 22 doesn't respond to a logon attempt,
one may expect the attacker to move on to a softer target, not hammer
against a brick wall, no?

Moving the login port is easy, as is using RSA and turning off
password authentication.

In the unlikely scenario that some attacker can port scan without being noticed
(that would need to be damned slow on my firewall), they still need
to meet stiff opposition in the non-password login attempt.

Grant.
--
.... The computer scientist, who had listened to all of this said,
"Yes, but where do you think the chaos came from?"
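The three settings Grant lists (a moved login port, key-based login, password authentication switched off) can be checked mechanically. The POSIX shell script below is an added example, not code from the thread or from OpenSSH. It reads an sshd_config the way sshd does in the simple case (the first occurrence of a keyword wins; everything after the first Match line is conditional and is ignored here) and audits two constructed sample configs that the script writes to temporary files itself. The ChallengeResponseAuthentication check is my addition to the post's list: with UsePAM enabled, keyboard-interactive authentication can still prompt for a password even when PasswordAuthentication is no, so a hardened config should turn both off.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config for
# the settings discussed in the post. Assumes a POSIX sh, awk, tr, mktemp.

# sshd_setting <config-file> <Keyword> <default>
# Prints the effective value of a keyword, lower-cased. Mirrors sshd's
# "first match wins" rule, accepts the "Keyword=value" spelling, skips
# comments, and stops at the first Match block because settings inside
# it only apply conditionally.
sshd_setting() {
    _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$_key" -v def="$3" '
        { gsub(/=/, " ") }                       # "Keyword=value" form
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        tolower($1) == "match" { exit }          # conditional section begins
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# expect <label> <actual> <wanted>: prints a verdict line, sets rc=1 on a miss.
expect() {
    if [ "$2" = "$3" ]; then
        echo "ok   $1 = $2"
    else
        echo "FAIL $1 is '$2', want '$3'"
        rc=1
    fi
}

# audit_sshd <config-file>: one line per check; returns 0 only if all pass.
audit_sshd() {
    rc=0
    port=$(sshd_setting "$1" Port 22)
    if [ "$port" = "22" ]; then
        echo "FAIL Port is 22 (the default that automated sweeps hit first)"
        rc=1
    else
        echo "ok   Port = $port (non-default)"
    fi
    expect PubkeyAuthentication            "$(sshd_setting "$1" PubkeyAuthentication yes)"            yes
    expect PasswordAuthentication          "$(sshd_setting "$1" PasswordAuthentication yes)"          no
    # PAM can still ask for a password over keyboard-interactive unless this is off too.
    expect ChallengeResponseAuthentication "$(sshd_setting "$1" ChallengeResponseAuthentication yes)" no
    expect PermitRootLogin                 "$(sshd_setting "$1" PermitRootLogin yes)"                 no
    return $rc
}

# Constructed sample configs (not taken from any real host).
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# stock-looking config: the commented-out line does nothing, so the
# compiled-in default (PasswordAuthentication yes) is what applies
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF

HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
# the settings the post recommends; the Match block at the end is
# conditional and does not change the global answer
Port 2222
PubkeyAuthentication=yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT

for cfg in "$WEAK_CFG" "$HARDENED_CFG"; do
    echo "== $cfg"
    if audit_sshd "$cfg"; then echo "RESULT: hardened"; else echo "RESULT: weak"; fi
done
```

Run it against a live host with `audit_sshd /etc/ssh/sshd_config`; for anything involving Match blocks or included files, `sshd -T` prints the fully resolved configuration and is the authoritative check.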