On Fri, Dec 5, 2008 at 10:05 AM, Evgeniy Bushkov <[EMAIL PROTECTED]> wrote:
> Adam Carter пишет:
>>>
>>> Also take a note that there are no "known-compromised hosts"
>>>
>>
>> What about hosts listed in RBLs?
>> http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It would be
>> interesting to see how much correlation there is between ssh brute
>> forcing bots and the contents of the various lists.
>>
>
> It's just interesting. But I don't trust them enough. I don't know how these
> lists were composed. We've periodically seen virus outbreaks, some
> computers' IPs could get into lists because of trojans and so on. One day you
> won't reach your server from your own home computer...

The fact that a lot of 'compromised hosts' are home users with
providers like comcast, verizon, etc lends another trouble as well...
dynamic IPs mean that the next person with the luck of the draw in
getting that IP can't reach your servers either, and if *you* happen
to be that person, no reasonable whitelist will ever get you back in
from that location until you get another IP.

>>
>>
>>>
>>> because ANY IP can be forged.
>>>
>>
>> It's easy enough to forge a SYN, but to set up a session so you can make a
>> password guessing attempt requires that you also get the packets back from
>> the server, which is an order of magnitude more difficult. Ever since OSes
>> have implemented well chosen initial sequence numbers, spoofing of TCP
>> sessions has become very difficult.
>>
>>
>
> I agree, but as an admin I prefer to think about many things worse than they
> really are. If something wrong is possible it's better to avoid it
> beforehand.
>
> Best regards,
> Evgeniy B.

Careful with that line of thinking... you'll inevitably come to the
conclusion that there's no hope and you're better off just turning the
system off, unplugging it from the wall, and locking it into a very
sturdy vault deep beneath a very solid mountain! (until you ponder
yourself insane over the security risks that exist even then, let
alone the impact on usability)

-- 
Poison [BLX]
Joshua M. Murphy
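
The correlation Adam asks about, as an added worked example that is not part of the original thread and not anyone's posted code: it extracts failed-password sources from sshd auth-log lines, builds the reversed-octet DNSBL query name for each list zone, and reports which zones list each brute-forcing source. The log lines are constructed, the zone names `list-a.test` and `list-b.test` are placeholders (real lists such as `zen.spamhaus.org` work the same way), and the resolver is injectable so the script runs offline; `fake_resolver` is a constructed stand-in for `socket.gethostbyname`.

```python
import re
import socket
from collections import Counter

# Constructed sample sshd log lines (not from the original message).
SAMPLE_AUTH_LOG = """\
Dec  5 09:58:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.17 port 51022 ssh2
Dec  5 09:58:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.17 port 51023 ssh2
Dec  5 09:58:10 host sshd[1204]: Failed password for root from 198.51.100.9 port 40012 ssh2
Dec  5 09:59:41 host sshd[1210]: Accepted publickey for alice from 192.0.2.44 port 55001 ssh2
Dec  5 10:01:02 host sshd[1215]: Failed password for invalid user test from 203.0.113.17 port 51030 ssh2
"""

# Matches both "Failed password for root from ..." and "... for invalid user X from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port"
)


def failed_login_sources(log_text):
    """Count failed-password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, followed by the list zone.
    203.0.113.17 checked against zone Z becomes 17.113.0.203.Z."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve=None):
    """True if the DNSBL answers with an A record for the IP.
    By DNSBL convention a listing is an answer in 127.0.0.0/8 and
    'not listed' is NXDOMAIN, which gethostbyname raises as gaierror."""
    resolve = resolve or socket.gethostbyname
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")


def correlate(log_text, zones, resolve=None, min_attempts=1):
    """For each source with >= min_attempts failures, report which zones list it."""
    report = {}
    for ip, n in failed_login_sources(log_text).items():
        if n < min_attempts:
            continue
        report[ip] = {
            "attempts": n,
            "listed_in": [z for z in zones if is_listed(ip, z, resolve)],
        }
    return report


def fake_resolver(listings):
    """Constructed offline stand-in for socket.gethostbyname:
    `listings` maps query names to answers; anything else is NXDOMAIN."""
    def resolve(name):
        if name in listings:
            return listings[name]
        raise socket.gaierror(name)
    return resolve


if __name__ == "__main__":
    # Offline run: pretend only list-a.test knows about 203.0.113.17.
    resolve = fake_resolver({"17.113.0.203.list-a.test": "127.0.0.2"})
    for ip, info in correlate(SAMPLE_AUTH_LOG, ["list-a.test", "list-b.test"], resolve).items():
        print(f"{ip}: {info['attempts']} failures, listed in {info['listed_in'] or 'none'}")
```

Passing `resolve=None` makes real queries via `socket.gethostbyname`; the output is a correlation report rather than a block list, which matches Evgeniy's caveat that a listed address may be a home connection whose dynamic IP has since changed hands.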
