On Sat, 25 Dec 2004, Kevin wrote:
> On Fri, 24 Dec 2004 16:00:45 -0600 (CST), Ron DuFresne
> <[EMAIL PROTECTED]> wrote:
> > It might depend upon how the algorithim is implimented, say, search for
> > easy to find vuln systems with stadard port open, till perhaps 10 or 100
> > or some given number
On Fri, 24 Dec 2004 16:00:45 -0600 (CST), Ron DuFresne
<[EMAIL PROTECTED]> wrote:
> It might depend upon how the algorithim is implimented, say, search for
> easy to find vuln systems with stadard port open, till perhaps 10 or 100
> or some given number are found and infected, then go back through
On Fri, 24 Dec 2004, Ben Hawkes wrote:
> On Thu, Dec 23, 2004 at 12:43:31AM -0600, Ron DuFresne wrote:
> > My thoughts on this have centered on the point that there are too many
> > decent scanning and banner grabbing tools out there to make botuse port
> > assingments off the default any much goo
On Fri, 24 Dec 2004 18:19:34 +1300, Ben Hawkes
<[EMAIL PROTECTED]> wrote:
> the internet being high enough to be an attractive target for a worm. In
> the end, running a service on a non-standard port at this point in time
> is a useful part of a layered security approach, if only to inhibit
> wor
On Thu, Dec 23, 2004 at 12:43:31AM -0600, Ron DuFresne wrote:
> My thoughts on this have centered on the point that there are too many
> decent scanning and banner grabbing tools out there to make botuse port
> assingments off the default any much good at obscuring the service.
>
> We are lucky in
This is my first post, so bare with me.
It is important to distinguish between motivated active attacks
performed by humans, and automated and often poorly crafted worms and
automated attacks. Even though the use of for example non-standard
ports will not stop an attack by intelligent people, the
Willem Koenings wrote:
On Wed, 22 Dec 2004 02:40:25 -0600 (CST), Ron DuFresne
<[EMAIL PROTECTED]> wrote:
I'd disagree in that the tools are getting to be well enough defined that
we are all targets. Best game is to restrict who has access to the ports
being served whenever possible, openssh has a
On Wed, 22 Dec 2004, Willem Koenings wrote:
> On Wed, 22 Dec 2004 02:40:25 -0600 (CST), Ron DuFresne
> <[EMAIL PROTECTED]> wrote:
>
>
> > I'd disagree in that the tools are getting to be well enough defined that
> > we are all targets. Best game is to restrict who has access to the ports
> > bein
On Wed, 22 Dec 2004 02:40:25 -0600 (CST), Ron DuFresne
<[EMAIL PROTECTED]> wrote:
> I'd disagree in that the tools are getting to be well enough defined that
> we are all targets. Best game is to restrict who has access to the ports
> being served whenever possible, openssh has a history that m
ay, December 21, 2004 4:37 PM
> To: full-disclosure@lists.netsys.com
> Subject: Re: [Full-Disclosure] OpenSSH is a good choice?
>
> on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote
>
> > the non std port advice is not worth much, security through
> obscurity
> > kinda t
On Wed, 22 Dec 2004, Willem Koenings wrote:
> on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote
>
> > the non std port advice is not worth much, security through
> > obscurity kinda thing.
>
> wrong. non standard port helps quite well against automated scans.
> most targets nowadays are searched
on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote
> the non std port advice is not worth much, security through
> obscurity kinda thing.
wrong. non standard port helps quite well against automated scans.
most targets nowadays are searched via automated scans. if you are
painted red, you get att
On Tue, 21 Dec 2004, ALD, Aditya, Aditya Lalit Deshmukh wrote:
> I am going to install OpenSSH in one of my servers, but I want to make
> >sure it is secure.
> >Does anybody know about vulnerabilites on OpenSSH, if yes, would you
> >like to suggest me another remote secure shell ?
>
> There is a s
On Sat, 2004-12-18 at 01:49 -0200, Carlos de Oliveira wrote:
> Hi there!
>
> I am going to install OpenSSH in one of my servers, but I want to make
> sure it is secure.
> Does anybody know about vulnerabilites on OpenSSH, if yes, would you
> like to suggest me another remote secure shell ?
OpenSS
I am going to install OpenSSH in one of my servers, but I want to make
>sure it is secure.
>Does anybody know about vulnerabilites on OpenSSH, if yes, would you
>like to suggest me another remote secure shell ?
There is a strong possibility that open port 22 will start attracting script
kiddie
Always use the latest stable release, and follow the update pace,
since no one is secure forever, security is a dynamic concept.
On Sat, 18 Dec 2004 01:49:39 -0200, Carlos de Oliveira
<[EMAIL PROTECTED]> wrote:
> Hi there!
>
> I am going to install OpenSSH in one of my servers, but I want to mak
Thank you all for you attention!
This helps me a lot. :-)
On Mon, 20 Dec 2004 18:12:21 -0600, Kevin <[EMAIL PROTECTED]> wrote:
> Nobody sitting on exploits for the current version of OpenSSH will
> share them in public.
>
> Of the available SSH servers, OpenSSH (if you deploy the latest
> versio
On 17 Dec 2004, at 19:49, Carlos de Oliveira wrote:
I am going to install OpenSSH in one of my servers, but I want to make
sure it is secure.
Does anybody know about vulnerabilites on OpenSSH, if yes, would you
like to suggest me another remote secure shell ?
There are no current open vulnerabiliti
18 matches
Mail list logo