Re: Somebody is keep trying to ssh into my systems, how can I stop that?



left_coast <void@xxxxxxxx> writes:

Jeremiah DeWitt Weiner wrote:

left_coast <void@xxxxxxxx> wrote:
Some have suggested changing ports, this is simply trying to hide from
the attackers.

I don't think anyone has suggested changing the port number as a
serious security measure. It's just a way to keep the noise down.

In this thread, see: <12c7uettj9ov3b7@xxxxxxxxxxxxxxxxxx>

Looks like a recommendation



Someone scanning using ssh connects on a series of ports could
still easily find your port and you're back in the same situation. Leaving
your port open and relying only on passwords and RSA stuff still leaves
your ssh port vulnerable to buffer overflow attacks from anywhere and
anyone on the internet.

Two things:

One, 99.99% of attackers aren't portscanning to figure out where you're

Proof of statistics? Please show documented evidence or you are just making
up numbers to make a point, in doing so, you have blown your credibility
totally out of the water. However, even using your numbers, one in 10,000
hackers ARE portscanning, that is enough to take the threat seriously.

running ssh. They're just running automated tools that are fast and
stupid. No, changing ports won't protect you from a smart, dedicated
attacker, but it isn't intended to, and fortunately, smart, dedicated
attackers are pretty rare.

If it will not protect you from a "smart, dedicated attacker", then it does
not protect you.

The OP was not asking for protection. He was asking how to make someone who
was banging on his ssh port to stop.



Two, the vast bulk of ssh attacks, the ones which make people complain
about their logs filling up, are not buffer overflow attacks; they're
dictionary attacks on weak passwords. The answer to that is as simple
as "don't use weak passwords".


It only takes one attack to cause a system to be broken into. Since you
claim "vast bulk... are not buffer overflow..." then at least SOME ARE
buffer overflow, that is enough to worry about, since it only takes ONE
attack to be successful.

Nuts. There is always some way to break into a system. Always. You just
have to make sure it is obscure enough that no one out there actually tries
it. I.e., whether or not an attack is successful is a product of probability
of some system being weak TIMES the probability of that system being
attacked.

Do you know of ANY of the current ssh attacks which are buffer overflow?



--
Still waiting for a rational answer from Bittwister to this:
<nfqlo3-qds.ln1@xxxxxxxxxxxxxxxxxxxx>.