Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-02-04 Thread Bill Campbell
On Mon, Feb 04, 2008, John Horne wrote: > >On Wed, 2008-01-30 at 13:11 -0800, Bill Campbell wrote: >> On Wed, Jan 30, 2008, Brian Mathis wrote: >> ... >> > >> >Log parsing scripts often don't provide the immediacy that rate >> >limiting does when under attack. You'd have to run the script >> >cons

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-02-04 Thread John Horne
On Wed, 2008-01-30 at 13:11 -0800, Bill Campbell wrote: > On Wed, Jan 30, 2008, Brian Mathis wrote: > ... > > > >Log parsing scripts often don't provide the immediacy that rate > >limiting does when under attack. You'd have to run the script > >constantly parsing logs, since most ssh scans come i

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-02-04 Thread Milton Calnek
mouss wrote: Les Bell wrote: mouss <[EMAIL PROTECTED]> wrote: If you consider this security through obscurity, then why not publish the list of your users on a public web page? after all, you should use strong passwords, so why hide usernames? << Usernames are comparatively hard to guess,

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-02-02 Thread mouss
Jay Leafey wrote: What I would like to do is: - allow 22 from specific IPs - allow another port (redirected) from anywhere. This port is then redirected to 22. I do exactly this with a combination of SSH config options and iptables rules. In your /etc/ssh/sshd_config file, find the "Po
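The setup Jay Leafey asks for and mouss says he runs (port 22 reachable only from known addresses, a second public port redirected to 22) can be expressed entirely in iptables, so sshd keeps a single "Port 22" line. The script below is an added example, not code from either poster; the alternate port 2222, the trusted sources 192.0.2.10 and 198.51.100.0/24 and the interface name eth0 are placeholders, and the `--ctorigdstport` match assumes an iptables/kernel whose conntrack match understands port options.

```shell
#!/bin/sh
# Added example: print the iptables rules for "22 from trusted sources,
# an alternate port from anywhere, redirected to 22".  Nothing is applied
# here; review the output and pipe it to "sudo sh" when satisfied.
# All addresses, ports and the interface name are hypothetical.

emit_ssh_rules() {
    alt_port=$1            # public port that is rewritten to 22
    trusted=$2             # space-separated IPs/CIDRs allowed to hit 22 directly
    wan_if=${3:-eth0}      # internet-facing interface (assumption)

    # 1. NAT happens before filtering: a SYN to the alternate port is
    #    rewritten to 22, so sshd only ever listens on 22.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $alt_port -j REDIRECT --to-ports 22"

    # 2. In INPUT the packet now carries dport 22.  Accept it when the
    #    connection was *originally* addressed to the alternate port
    #    (conntrack remembers the pre-NAT port) or when the source is
    #    trusted; drop every other new connection to 22.
    echo "iptables -A INPUT -i $wan_if -p tcp --dport 22 -m conntrack --ctstate NEW --ctorigdstport $alt_port -j ACCEPT"
    for src in $trusted; do
        echo "iptables -A INPUT -i $wan_if -p tcp --dport 22 -m conntrack --ctstate NEW -s $src -j ACCEPT"
    done
    echo "iptables -A INPUT -i $wan_if -p tcp --dport 22 -m conntrack --ctstate NEW -j DROP"
}

# Usage:  emit_ssh_rules 2222 "192.0.2.10 198.51.100.0/24" eth0 | sudo sh
```

The rules only decide the fate of NEW connections; the usual `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule earlier in INPUT is assumed to exist so that the rest of the session passes. Because the decision is made on the pre-NAT port, a scanner that finds 22 open from an untrusted address still gets a DROP, while a client connecting to 2222 is indistinguishable to sshd from one that arrived on 22.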

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-02-01 Thread mouss
Les Bell wrote: mouss <[EMAIL PROTECTED]> wrote: If you consider this security through obscurity, then why not publish the list of your users on a public web page? after all, you should use strong passwords, so why hide usernames? << Usernames are comparatively hard to guess, and chosen fro

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-31 Thread Warren Young
James B. Byrne wrote: I am not a fan of security through obscurity. You're diluting a useful phrase. It originally referred to practices where obscurity was the _only_ source of security. As soon as you saw through the obscurity, there was no security. Of course, this means that there w

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread David Mackintosh
On Wed, Jan 30, 2008 at 12:17:22PM -0500, Ed Donahue wrote: > I use this one, works great and easy to setup > http://rfxnetworks.com/bfd.php This is how I deal with them: deny by default unless you know the "secret handshake". http://wiki.xdroop.com/space/Linux/Limited+SSH+Access -- /\oo/\ /

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Jay Leafey
What I would like to do is: - allow 22 from specific IPs - allow another port (redirected) from anywhere. This port is then redirected to 22. I do exactly this with a combination of SSH config options and iptables rules. In your /etc/ssh/sshd_config file, find the "Port 22" statement a

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Les Bell
mouss <[EMAIL PROTECTED]> wrote: >> If you consider this security through obscurity, then why not publish the list of your users on a public web page? after all, you should use strong passwords, so why hide usernames? << Usernames are comparatively hard to guess, and chosen from a large space -

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread mouss
James B. Byrne wrote: Message-ID: <[EMAIL PROTECTED]> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <[EMAIL PROTECTED]> Subject Was: [CentOS] Unknown rootkit causes compromised servers SOME of the script kiddies check higher ports for SSH *_BUT_* I only see 4% of the brute force attemp

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Bill Campbell
On Wed, Jan 30, 2008, Brian Mathis wrote: ... > >Log parsing scripts often don't provide the immediacy that rate >limiting does when under attack. You'd have to run the script >constantly parsing logs, since most ssh scans come in bursts. We use swatch for this and other interesting events (e.g.
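Brian Mathis's point, quoted above and again in the 2008-02-04 replies, is that a log-parsing blocker only keeps up with a burst if it watches the log continuously and counts within a time window. The function below is an added example of that counting step (it is not swatch and not anything posted in the thread): an awk sliding window over syslog-style sshd lines that reports a source address the first time it reaches N failed logins within W seconds. The log lines are constructed for the example, using RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example: burst detection over sshd log lines.  Reads syslog-style
# lines on stdin and prints each source address the first time it reaches
# THRESHOLD "Failed password" events within WINDOW seconds.
# Constructed sample data; not taken from any real host.

ssh_failed_bursts() {
    window=$1      # seconds of history to keep per source address
    threshold=$2   # failures inside the window that trigger a report
    awk -v window="$window" -v threshold="$threshold" '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    # syslog line: "Jan 30 11:54:01 host sshd[123]: Failed password for ... from A.B.C.D port N ssh2"
    /sshd\[[0-9]+\]: Failed password/ {
        split($3, hms, ":")
        # monotonic seconds good enough to order lines from one log
        # (every month is treated as 31 days; only differences matter)
        t = ((mon[$1] * 31 + $2) * 24 + hms[1]) * 3600 + hms[2] * 60 + hms[3]
        ip = ""
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n[ip]++; ts[ip, n[ip]] = t
        # advance the head past timestamps older than the window
        while (head[ip] < n[ip] && ts[ip, head[ip] + 1] < t - window) head[ip]++
        if (n[ip] - head[ip] >= threshold && !(ip in reported)) {
            reported[ip] = 1
            print ip
        }
    }'
}

# Constructed sample: one fast burst, one slow scan under the threshold,
# and a legitimate user who mistypes a password twice then succeeds.
SAMPLE_LOG='Jan 30 11:54:01 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 40311 ssh2
Jan 30 11:54:02 web1 sshd[4023]: Failed password for invalid user oracle from 203.0.113.5 port 40312 ssh2
Jan 30 11:54:02 web1 sshd[4025]: Failed password for root from 203.0.113.5 port 40313 ssh2
Jan 30 11:54:03 web1 sshd[4027]: Failed password for invalid user test from 203.0.113.5 port 40314 ssh2
Jan 30 11:54:10 web1 sshd[4030]: Failed password for jbb from 198.51.100.7 port 51000 ssh2
Jan 30 11:56:40 web1 sshd[4041]: Failed password for jbb from 198.51.100.7 port 51001 ssh2
Jan 30 11:56:41 web1 sshd[4042]: Accepted publickey for jbb from 198.51.100.7 port 51002 ssh2
Jan 30 12:10:00 web1 sshd[4100]: Failed password for invalid user admin from 192.0.2.77 port 6000 ssh2
Jan 30 12:10:30 web1 sshd[4101]: Failed password for invalid user admin from 192.0.2.77 port 6001 ssh2
Jan 30 12:11:30 web1 sshd[4102]: Failed password for invalid user admin from 192.0.2.77 port 6002 ssh2
Jan 30 12:12:30 web1 sshd[4103]: Failed password for invalid user admin from 192.0.2.77 port 6003 ssh2'

# 4 failures within 60 s: only the fast burst from 203.0.113.5 is reported.
demo_bursts() {
    printf '%s\n' "$SAMPLE_LOG" | ssh_failed_bursts 60 4
}
```

In production the input would come from `tail -F /var/log/secure` and each printed address would be handed to an iptables DROP rule (the role swatch plays in Bill Campbell's setup); the sample shows why the window matters: the 192.0.2.77 scan also makes four attempts, but spread over two and a half minutes, so it stays under a 60-second threshold and would need a longer window (say 600 s) to be caught.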

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Milton Calnek
Good security is like an onion. The users think it smells... No, it's layered. Changing the sshd port from the default does add a layer, a thin layer, but a layer all the same. The rate limiting is a somewhat thicker layer. I personally prefer to block all ssh traffic from the internet

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Patrick
Brian Mathis wrote: @James: As for the "security through obscurity" post, you are missing the point. Changing the port number that SSH runs on is not "security through obscurity". Moving an already highly secure service to a different port so scanners don't hit it automatically is a different

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Brian Mathis
On Wed, Jan 30, 2008 at 12:17 PM, Ed Donahue <[EMAIL PROTECTED]> wrote: > On Jan 30, 2008 11:54 AM, James B. Byrne <[EMAIL PROTECTED]> wrote: > > Message-ID: <[EMAIL PROTECTED]> > > > > On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <[EMAIL PROTECTED]> > > Subject Was: [CentOS] Unknown rootkit

Re: [CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread Ed Donahue
I use this one, works great and easy to setup http://rfxnetworks.com/bfd.php On Jan 30, 2008 11:54 AM, James B. Byrne <[EMAIL PROTECTED]> wrote: > Message-ID: <[EMAIL PROTECTED]> > > On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <[EMAIL PROTECTED]> > Subject Was: [CentOS] Unknown rootkit ca

[CentOS] One approach to dealing with SSH brute force attacks.

2008-01-30 Thread James B. Byrne
Message-ID: <[EMAIL PROTECTED]> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <[EMAIL PROTECTED]> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports o