Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-27 Thread Ralph Angenendt
nightduke wrote: > Visit official site to grab latest OpenSSH 5.1 Great idea. Why not do that for all software on your system? And then track all security updates for yourself instead of relying on the distributor to do so? Ralph

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-27 Thread nightduke
Visit official site to grab latest OpenSSH 5.1 2008/7/23 Bowie Bailey <[EMAIL PROTECTED]>: > Florin Andrei wrote: >> Bowie Bailey wrote: >> > >> > I know it's "security through obscurity" >> >> That's not necessarily a bad thing. >> >> It is bad if it's the _only_ protection. > > Right. I was just

RE: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread Bowie Bailey
Florin Andrei wrote: > Bowie Bailey wrote: > > > > I know it's "security through obscurity" > > That's not necessarily a bad thing. > > It is bad if it's the _only_ protection. Right. I was just trying to head off the inevitable objections. Not that it worked... :) -- Bowie

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread Florin Andrei
Bowie Bailey wrote: I know it's "security through obscurity" That's not necessarily a bad thing. It is bad if it's the _only_ protection. -- Florin Andrei http://florin.myip.org/

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread Florin Andrei
No method is perfect, but something that seems to work ok in practice is to just move ssh to a different TCP port, and -j DROP the unused ports. Failproof? No, but it reduces the noise tremendously. If the script kiddies learn the new port (unlikely), either move it to another port, or apply o

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread David Dyer-Bennet
On Wed, July 23, 2008 12:25, Nifty Cluster Mitch wrote: > I like 'denyhosts' as a tool to limit these attacks, other good solutions > also exist. Most distros now have 'denyhosts' as a prebuilt RPM which > is a plus IMO (+). As others remarked disable root logins. Manage the > 'su, sudo' list

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread Nifty Cluster Mitch
On Tue, Jul 22, 2008 at 10:16:44AM -0500, David Dyer-Bennet wrote: > On Tue, July 22, 2008 09:34, Rudi Ahlers wrote: > > > By changing the ports on all our servers to a high (above 1024) port, we > > have eliminated SSH scans altogether - been running like that for a few > > years now without any

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread David Dyer-Bennet
On Tue, July 22, 2008 16:45, Les Bell wrote: > Moving sshd to a non-standard port is one of the worst examples of relying > on security by obscurity. Its only advantage is that it cuts out some > noise > in the logs, but proper precautions do that as well, without lulling you > into a false sense

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread David Mackintosh
On Mon, Jul 21, 2008 at 04:43:11PM -0400, Bo Lynch wrote: > just wanted to get some feedback from the community. Over the last few > days I have noticed my web server and email box have attempted to ssh'd to > using weird names like admin,appuser,nobody,etc None of these are > valid users. I kn

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-23 Thread mouss
Ned Slider wrote: [snip] I don't think anyone is suggesting running SSH on a non-standard port as a sole means of defence, but rather as part of a layered approach where it is very effective in what it is designed to do - namely to vastly reduce the number of random brute-forcing attempts and

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Les Bell
Ned Slider <[EMAIL PROTECTED]> wrote: >> I don't think anyone is suggesting running SSH on a non-standard port as a sole means of defence << I should hope not, but the point does bear making. >> We should also remember that public/private key authentication is only secure as the host the privat

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Ned Slider
Les Bell wrote: "David Dyer-Bennet" <[EMAIL PROTECTED]> wrote: Yes, but if there are *any* ports exposed, seems like those are equally possible. << Sort of. Changing the port used by sshd stops the completely clueless script kiddies, since they don't even bother looking at anything other than p

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread John R Pierce
Les Bell wrote: Sort of. Changing the port used by sshd stops the completely clueless script kiddies, since they don't even bother looking at anything other than port 22. It's not even really script 'kiddies', it's viruses/worms that are doing the vast majority of that hammering on port 22. and

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Les Bell
"David Dyer-Bennet" <[EMAIL PROTECTED]> wrote: >> Yes, but if there are *any* ports exposed, seems like those are equally possible. << Sort of. Changing the port used by sshd stops the completely clueless script kiddies, since they don't even bother looking at anything other than port 22. Puttin

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Rudi Ahlers
Robert Moskowitz wrote: Rudi Ahlers wrote: [EMAIL PROTECTED] wrote: On Tue, 22 Jul 2008 16:34:54 +0200 Rudi Ahlers <[EMAIL PROTECTED]> wrote: Bowie Bailey wrote: Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and emai

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Robert Moskowitz
Rudi Ahlers wrote: [EMAIL PROTECTED] wrote: On Tue, 22 Jul 2008 16:34:54 +0200 Rudi Ahlers <[EMAIL PROTECTED]> wrote: Bowie Bailey wrote: Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to s

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Rudi Ahlers
[EMAIL PROTECTED] wrote: On Tue, 22 Jul 2008 16:34:54 +0200 Rudi Ahlers <[EMAIL PROTECTED]> wrote: Bowie Bailey wrote: Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread David Dyer-Bennet
On Tue, July 22, 2008 11:57, MHR wrote: > On Tue, Jul 22, 2008 at 8:16 AM, David Dyer-Bennet <[EMAIL PROTECTED]> wrote: >> >> The next step up from that is some form of "port knocking" scheme -- >> where >> the outsider must first attempt to connect to some particular *other* >> port >> to trigger

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread MHR
On Tue, Jul 22, 2008 at 8:16 AM, David Dyer-Bennet <[EMAIL PROTECTED]> wrote: > > The next step up from that is some form of "port knocking" scheme -- where > the outsider must first attempt to connect to some particular *other* port > to trigger ssh to be ready to listen on the (non-standard) SSH

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread [EMAIL PROTECTED]
On Tue, 22 Jul 2008 16:34:54 +0200 Rudi Ahlers <[EMAIL PROTECTED]> wrote: > Bowie Bailey wrote: > > Bo Lynch wrote: > > > >> just wanted to get some feedback from the community. Over the last > >> few days I have noticed my web server and email box have attempted > >> to ssh'd to using weird na

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread David Dyer-Bennet
On Tue, July 22, 2008 09:34, Rudi Ahlers wrote: > By changing the ports on all our servers to a high (above 1024) port, we > have eliminated SSH scans altogether - been running like that for a few > years now without any problems. The next step up from that is some form of "port knocking" scheme

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Rudi Ahlers
Bowie Bailey wrote: Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-22 Thread Michael Semcheski
On Tue, Jul 22, 2008 at 12:12 AM, Guy Boisvert <[EMAIL PROTECTED]> wrote: > Michael Gabriel wrote: >> >> just wanted to get some feedback from the community. Over the last few >> days I have noticed my web server and email box have attempted to ssh'd to >> using weird names like admin,appuser,nobod

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Guy Boisvert
Michael Gabriel wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd all together wi

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Bill Campbell
On Mon, Jul 21, 2008, John R Pierce wrote: > Bo Lynch wrote: >> we have been looking at implementing OpenVPN to allow access to the >> internal LAN. For a firewall, we basically have iptables with 2 nics doing >> NAT. So would the OpenVPN server live inside of our private network and >> just do som

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread John R Pierce
Bo Lynch wrote: we have been looking at implementing OpenVPN to allow access to the internal LAN. For a firewall, we basically have iptables with 2 nics doing NAT. So would the OpenVPN server live inside of our private network and just do some forwards with iptables on the firewall or would it be

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Bo Lynch
On Mon, July 21, 2008 6:47 pm, Bill Campbell wrote: > On Tue, Jul 22, 2008, D Steward wrote: >>On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote: >>> When using denyhosts, you'll want to keep your IP's in hosts.allow so >>> even if you're "banned" you can still get access. :-) >> >>Yup. >>Unfort

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Victor Padro
pfSense rules... in my humble opinion, it does the job better than iptables, and like John said, it can be easily configured via web. -- "It is human nature to think wisely and act in an absurd fashion." "Todo el desorden del mundo proviene de las profesiones mal o mediocremente servidas"

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread John R Pierce
nate wrote: I don't like/use OpenBSD for anything other than firewalls. But I do think as a firewall, pf really can't be beat, the configuration for typical rules just 'flows'. IPTables by comparison is so cryptic. (speaking as a past user of ipfwadm, ipfw, ipchains, iptables, pf, and Cisco PIX,

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Robert Moskowitz
Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd all together with iptab

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread nate
D Steward wrote: > Because I don't believe a solution such as fail2ban will scale (it can't > be healthy having tens of thousands of IPs in iptables), I use denyhosts Wherever possible I use layer 2 bridging OpenBSD firewalls in front of my networks, I don't have a problem with brute force attack

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Bill Campbell
On Tue, Jul 22, 2008, D Steward wrote: >On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote: >> When using denyhosts, you'll want to keep your IP's in hosts.allow so even >> if you're "banned" you can still get access. :-) > >Yup. >Unfortunately, my ISP's plan uses dynamic IPs, so I have to enter

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread D Steward
On Mon, 2008-07-21 at 17:09 -0500, Tim Nelson wrote: > When using denyhosts, you'll want to keep your IP's in hosts.allow so even if > you're "banned" you can still get access. :-) Yup. Unfortunately, my ISP's plan uses dynamic IPs, so I have to enter various subnets to stay safe. :(

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Tim Nelson
CTED]> To: "CentOS mailing list" Sent: Monday, July 21, 2008 5:05:13 PM GMT -06:00 Guadalajara / Mexico City / Monterrey Subject: Re: [CentOS] Ideas for stopping ssh brute force attacks Just one other thing: if you use a script, you need to be careful you don't accidentally ban

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread D Steward
Provided you have ssh set up to ensure that root cannot login directly and/or keys instead of passwords must be used, you aren't in much danger of being compromised. To ensure the logs are mostly kept clean however, you need yet another solution such as changing the port, port-knocking, or a scrip

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Les Bell
"Lanny Marcus" <[EMAIL PROTECTED]> wrote: >> The above link is mostly dead. The data isn't there yet. << I did a write-up on generating SSH keys on both Windows and Linux, along with some additional tips on OpenSSH configuration. It's at http://www.lesbell.com.au/Home.nsf/web/SSH+for+Server+Admi

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Spiro Harvey, Knossos Networks Ltd
iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP
Hey, this is awesome. We're currently filtering log files looking for multi

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Les Bell
"Bo Lynch" <[EMAIL PROTECTED]> wrote: >> Just wanted to know if anyone had any experience with anything like these programs or have any other advice. << No need for any add-ons. Just do two things: 1. Disable password logins. In /etc/ssh/sshd_config, add PasswordAuthentication no Now you will

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Eucke
Dan Carl wrote: Just change the default port. You can also limit the allowed knocks on the door with iptables, but changing the port is much easier. Cleans up the logs real nice. Dan I'll second that. Combining that with the SSH iptables entries to limit the number of attempts will help as wel

RE: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Bowie Bailey
Bo Lynch wrote: > just wanted to get some feedback from the community. Over the last few > days I have noticed my web server and email box have attempted to > ssh'd to using weird names like admin,appuser,nobody,etc None of > these are valid users. I know that I can block sshd all together with

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Lanny Marcus
On Mon, Jul 21, 2008 at 4:08 PM, Lanny Marcus <[EMAIL PROTECTED]> wrote: > On Mon, Jul 21, 2008 at 3:43 PM, Bo Lynch <[EMAIL PROTECTED]> wrote: >> just wanted to get some feedback from the community. Over the last few >> days I have noticed my web server and email box have attempted to ssh'd to >>

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Ned Slider
Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd all together with iptab

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Rob Townley
On Mon, Jul 21, 2008 at 4:11 PM, Dan Carl <[EMAIL PROTECTED]> wrote: > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Behalf Of Bo Lynch > > Sent: Monday, July 21, 2008 3:43 PM > > To: centos@centos.org > >

RE: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Dan Carl
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Bo Lynch > Sent: Monday, July 21, 2008 3:43 PM > To: centos@centos.org > Subject: [CentOS] Ideas for stopping ssh brute force attacks > > > just wanted to get some feedback f

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Lanny Marcus
On Mon, Jul 21, 2008 at 3:43 PM, Bo Lynch <[EMAIL PROTECTED]> wrote: > just wanted to get some feedback from the community. Over the last few > days I have noticed my web server and email box have attempted to ssh'd to > using weird names like admin,appuser,nobody,etc None of these are > valid

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Max Hetrick
Bo Lynch wrote: just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd all together with iptab

Re: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Michael Gabriel
Easiest way with CentOS board tools is the iptables recent module ... simply limit the amount of connections a host is allowed to the ssh port
iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m r

RE: [CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Lundgren, Andrew
s.org > Subject: [CentOS] Ideas for stopping ssh brute force attacks > > just wanted to get some feedback from the community. Over the last few > days I have noticed my web server and email box have > attempted to ssh'd to > using weird names like admin,appuser,nobody,etc.

[CentOS] Ideas for stopping ssh brute force attacks

2008-07-21 Thread Bo Lynch
just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc None of these are valid users. I know that I can block sshd all together with iptables but that will