Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Earl A Ramirez
On Fri, 2015-02-13 at 18:27 -0800, PatrickD Garvey wrote: > On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen wrote: > > On 02/13/2015 05:41 AM, James Hogarth wrote: > > > > This is also why the Orange Book and its Rainbow kin exist (Orange Book = > > 5200.28-STD, aka DoD Trusted Computer System Evaluat

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread PatrickD Garvey
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen wrote: > On 02/13/2015 05:41 AM, James Hogarth wrote: > > This is also why the Orange Book and its Rainbow kin exist (Orange Book = > 5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria). > Should anyone care to learn from the Rainbow Books

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Always Learning
On Fri, 2015-02-13 at 11:21 -0500, m.r...@5-cent.us wrote: > I disagree - I am in the "waste of time" camp. The reality is that only > script kiddies start out by trying 22 (and I *do* mean script kiddies - > I've seen attempts to ssh in that were obviously from warez, man, where > they were too

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Always Learning
On Fri, 2015-02-13 at 10:03 -0600, Valeri Galtsev wrote: > On Fri, February 13, 2015 9:05 am, Always Learning wrote: > > I always change the SSH port to something conspicuously different. Every > > server has a different and difficult to guess SSH port number with > > access restricted to a few

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Warren Young
> On Feb 13, 2015, at 9:03 AM, Valeri Galtsev wrote: > > ...changing port numbers...does not really add security. Security through > obscurity is only considered to be efficient by Windows folks. “Security through obscurity” is an overused mantra of derision. Originally, it was a cry against sy

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread m.roth
Always Learning wrote: > > On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > >> On 02/13/2015 09:15 AM, Chris Adams wrote: >> > Yeah, the old "move stuff to alternate ports" thing is largely a waste >> > of time and just makes it more difficult for legitimate use. With >> > large bot networks

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Valeri Galtsev
On Fri, February 13, 2015 9:05 am, Always Learning wrote: > > On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > >> On 02/13/2015 09:15 AM, Chris Adams wrote: >> > Yeah, the old "move stuff to alternate ports" thing is largely a waste >> > of time and just makes it more difficult for legitimat

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Lamar Owen
On 02/13/2015 05:41 AM, James Hogarth wrote: This is horrible advice anyway. It's not a good idea to run SSH on a port greater than 1024 since if a crash exploit is used to kill the process a non-root trojan process faking SSH to gather credentials could then bind on that port trivially totally c

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Always Learning
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote: > On 02/13/2015 09:15 AM, Chris Adams wrote: > > Yeah, the old "move stuff to alternate ports" thing is largely a waste > > of time and just makes it more difficult for legitimate use. With > > large bot networks and tools like zmap, finding

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Lamar Owen
On 02/13/2015 09:15 AM, Chris Adams wrote: Yeah, the old "move stuff to alternate ports" thing is largely a waste of time and just makes it more difficult for legitimate use. With large bot networks and tools like zmap, finding services on alternate ports is not that hard for the "bad guys".

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Chris Adams
Once upon a time, James Hogarth said: > If you really want to SSH to a port other than 22 for a little obscurity > use an iptables dnat to map the high port to local host 22 and block 22 > from external connections. Yeah, the old "move stuff to alternate ports" thing is largely a waste of time an

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread James Hogarth
> On 12/02/15 20:03, Warren Young wrote: > > Hi, just a quick note to whoever is maintaining this page: > > > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > > > The procedure is missing the firewall-cmd calls necessary in EL7: > > > > firewall-cmd --add-port 2345/tcp > > firewall-cmd

Re: [CentOS] Securing SSH wiki article outdated

2015-02-13 Thread Ned Slider
On 12/02/15 20:03, Warren Young wrote: > Hi, just a quick note to whoever is maintaining this page: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > The procedure is missing the firewall-cmd calls necessary in EL7: > > firewall-cmd --add-port 2345/tcp > firewall-cmd --add-port 2

Re: [CentOS] Securing SSH wiki article outdated

2015-02-12 Thread m.roth
Warren Young wrote: > Hi, just a quick note to whoever is maintaining this page: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > The procedure is missing the firewall-cmd calls necessary in EL7: > > firewall-cmd --add-port 2345/tcp > firewall-cmd --add-port 2345/tcp --permanent > >

[CentOS] Securing SSH wiki article outdated

2015-02-12 Thread Warren Young
Hi, just a quick note to whoever is maintaining this page: http://wiki.centos.org/HowTos/Network/SecuringSSH The procedure is missing the firewall-cmd calls necessary in EL7: firewall-cmd --add-port 2345/tcp firewall-cmd --add-port 2345/tcp --permanent Also, it may be worth mentioning tha
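As an added example (not from the wiki page or from anyone in the thread), the script below strings together the EL7 steps for moving sshd to another port that the original post and the replies discuss: the firewall-cmd runtime and --permanent calls from the first message, plus the sshd_config edit and SELinux port labelling that EL7 also needs before sshd will bind a non-default port. It also applies the check Lamar Owen raised: it reads the kernel's first unprivileged port (net.ipv4.ip_unprivileged_port_start, 1024 unless tuned) and warns when the chosen port is one that any local user process could re-bind after sshd dies. Everything is assumed: the port 2345 default, a firewalld default zone, SELinux in enforcing mode with semanage installed, and the hypothetical helper names. Commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example for moving sshd off port 22 on EL7 (CentOS 7).
# Not from the wiki page or the thread. Assumes firewalld, SELinux
# enforcing (semanage from policycoreutils-python) and the default zone.
# Commands are printed unless APPLY=1 is set in the environment.

# First unprivileged port as the kernel sees it: 1024 unless tuned via
# net.ipv4.ip_unprivileged_port_start. Optional $1 overrides it (tests).
unpriv_start() {
    if [ -n "${1:-}" ]; then
        echo "$1"
    elif [ -r /proc/sys/net/ipv4/ip_unprivileged_port_start ]; then
        cat /proc/sys/net/ipv4/ip_unprivileged_port_start
    else
        echo 1024
    fi
}

# "yes" if only root / CAP_NET_BIND_SERVICE can bind port $1, else "no".
privileged_port() {
    [ "$1" -lt "$(unpriv_start "${2:-}")" ] && echo yes || echo no
}

# Succeeds only if $1 is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Execute a command line when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then eval "$1"; else echo "$1"; fi
}

# Print (or with APPLY=1 execute) the EL7 steps for sshd on port $1.
move_ssh_port() {
    port=$1
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    # Caveat from the thread: if sshd on an unprivileged port dies, any local
    # user process can bind that port and impersonate it; port 22 cannot be
    # taken over without CAP_NET_BIND_SERVICE.
    if [ "$(privileged_port "$port")" = no ]; then
        echo "# note: $port is an unprivileged port (see ip_unprivileged_port_start)" >&2
    fi
    # Replace "Port 22" or the commented "#Port 22" in sshd_config.
    run "sed -i 's/^#*Port .*/Port $port/' /etc/ssh/sshd_config"
    # SELinux: sshd may only bind ports labelled ssh_port_t (added step).
    # Use "semanage port -m" instead if the port already carries another label.
    run "semanage port -a -t ssh_port_t -p tcp $port"
    # firewalld: the two calls the original post says the wiki is missing.
    run "firewall-cmd --add-port $port/tcp"
    run "firewall-cmd --add-port $port/tcp --permanent"
    # Validate the config before restarting so a typo does not lock you out.
    run "sshd -t && systemctl restart sshd"
}

move_ssh_port "${1:-2345}"
```

Keep the existing session open until a fresh login on the new port succeeds; only then remove the old port from the firewall.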