Re: Somebody is keep trying to ssh into my systems, how can I stop that?
left_coast <void@xxxxxxxx> (06-07-26 04:57:53):

> I'm growing tired of your constant "nothing is perfect, nothing is
> perfect, nothing is perfect" ranting. You need to learn that while
> nothing is perfect there is "good enough to get the job done".
>
> And there are also vastly superior ways of doing things. For what it
> would take to break into my system, Ertugrul Soeylemez, and anyone
> else would be better off A) paying me a bunch of money so I would just
> give you my computer or B) coming to my house and stealing my computer
> or C) finding some way, other than attacking ssh, to break in.
>
> Closing off a service port to only IP addresses which are authorized,
> which is my suggestion, is a tried and true method that Firewall
> experts build into their systems because it DOES ADD SECURITY no
> matter how many times idiots rant "but it's not perfect".

Well, you're right in that security systems just need to have 'ideal'
security (in your terminology: 'good enough') to be production-ready, as
'perfect' security isn't possible anyway, and I've never questioned
that. In fact, what I'm saying is exactly that: Perfect security is
impossible.

"There is always a way to get in", in this sense is equivalent to:
"There is no perfect security". While obvious, that's something that
shouldn't be ignored, but you're ignoring or even denying it.

Another point (which we've discussed in a long thread in another group):
Security by obscurity isn't essentially bad, but you shouldn't rely on
that alone. I'm talking about port knocking and netfilter rules. Why do
you still use passwords instead of keys? Sure, good passwords are hard
to break, but good keys (i.e. 2048 bit and above) are currently
impossible to break, and you overcome the danger of someone looking over
your shoulder while you type.

There are also ways to defend against most kinds of software bugs,
without needing to hide the software itself. This includes grsecurity,
PaX, SELinux, or even setting the environment variable MALLOC_CHECK_ to
'2' for programs reachable from the outside. That way you wouldn't have
to hide your processes.

By the way: Bugs can be everywhere. Maybe you can even be rooted by
over-using netfilter rules. Remember the netfilter bug with the TCP
options a few months ago? The next bug could be found in the byte order
converter or the packet analyzer. Nothing is impossible, and the latest
security hole in the mainstream netfilter distribution has proven that.

Regards,
E.S.
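An added example, written for this page and not code from either poster, that turns the two concrete suggestions in the exchange into something checkable: an audit of an sshd_config for the password-versus-key settings, and an iptables allowlist for port 22 of the kind left_coast describes. The config fragment and the networks are constructed for illustration; `Match` blocks are not handled.

```python
import ipaddress

# Constructed sshd_config fragment (not from the thread): password logins
# and root login are still enabled, which the audit below should flag.
SAMPLE_SSHD_CONFIG = """\
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes   # trailing comment
"""

def audit_sshd_config(text):
    """Return findings for settings that weaken key-only SSH login.

    sshd honours the first occurrence of each keyword, so later duplicates
    are ignored here as well (setdefault). Defaults are OpenSSH's current
    ones: PasswordAuthentication yes, PubkeyAuthentication yes,
    PermitRootLogin prohibit-password.
    """
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)               # keyword, value
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    findings = []
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no' (use keys only)")
    if settings.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication should be 'yes'")
    if settings.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin should not be 'yes'")
    return findings

def ssh_allowlist_rules(allowed_networks, port=22):
    """Build iptables rules that accept SSH only from the given networks.

    Every entry is validated as a host or network; a catch-all prefix
    (/0) is rejected because it would silently turn the allowlist into
    an open port. The final DROP is what makes it an allowlist at all.
    """
    rules = []
    for net in allowed_networks:
        n = ipaddress.ip_network(net, strict=True)  # ValueError on junk
        if n.prefixlen == 0:
            raise ValueError(f"refusing catch-all network {n}")
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -s {n} -j ACCEPT")
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules
```

The rules are emitted as text rather than applied, so they can be reviewed (and the allowlist diffed against what is really loaded) before anything touches the running firewall.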