Re: [HACKERS] What's going on with pgfoundry?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Wednesday, November 26, 2008 17:42:12 -0500 Tom Lane <[EMAIL PROTECTED]> wrote: > "Marc G. Fournier" <[EMAIL PROTECTED]> writes: >> <[EMAIL PROTECTED]> wrote: >>> Well they can still talk to the port of course but its irrelevant >>> because

Re: [HACKERS] What's going on with pgfoundry?

Marc G. Fournier wrote: > - --On Wednesday, November 26, 2008 14:12:42 -0800 "Joshua D. Drake" > <[EMAIL PROTECTED]> wrote: > > > Well they can still talk to the port of course but its irrelevant > > because unless they have an ssh key, they aren't getting in. Period. > > Well, they weren't get

Re: [HACKERS] What's going on with pgfoundry?

"Marc G. Fournier" <[EMAIL PROTECTED]> writes: > <[EMAIL PROTECTED]> wrote: >> Well they can still talk to the port of course but its irrelevant >> because unless they have an ssh key, they aren't getting in. Period. > Well, they weren't getting in before ... i twas the massive flood of attempts >

Re: [HACKERS] What's going on with pgfoundry?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Wednesday, November 26, 2008 14:12:42 -0800 "Joshua D. Drake" <[EMAIL PROTECTED]> wrote: > Well they can still talk to the port of course but its irrelevant > because unless they have an ssh key, they aren't getting in. Period. Well, they

Re: [HACKERS] What's going on with pgfoundry?

Joshua D. Drake wrote: On Wed, 2008-11-26 at 18:06 -0400, Marc G. Fournier wrote: Since were chatting :P. My vote would be to move everything back to port 22 and force key based auth only. How does that work? Does that kill the script kiddies in their tracks? I'm guessing so, b

Re: [HACKERS] What's going on with pgfoundry?

On Wed, 2008-11-26 at 18:06 -0400, Marc G. Fournier wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Since were chatting :P. My vote would be to move everything back to port > > 22 and force key based auth only. > > How does that work? Does that kill the script kiddies in their tracks

Re: [HACKERS] What's going on with pgfoundry?

Marc G. Fournier wrote: > >> Since were chatting :P. My vote would be to move everything back to port >> 22 and force key based auth only. > > How does that work? Does that kill the script kiddies in their tracks? I'm > guessing so, but had never thought to try it ... Depends on where the prob

Re: [HACKERS] What's going on with pgfoundry?

Marc G. Fournier wrote: > How would someone upload their key if they don't have access? Some sort of > web > interface? One wouldn't want to throw extra admin overhead if it can be > avoided ... pgfoundry already has a web interface for uploading SSH keys. -- Alvaro Herrera

Re: [HACKERS] What's going on with pgfoundry?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Wednesday, November 26, 2008 14:00:59 -0800 "Joshua D. Drake" <[EMAIL PROTECTED]> wrote: > Since were chatting :P. My vote would be to move everything back to port > 22 and force key based auth only. How does that work? Does that kill the

Re: [HACKERS] What's going on with pgfoundry?

On Wed, 2008-11-26 at 13:57 -0800, Steve Crawford wrote: > David Fetter wrote: > > > > > > We should move to a port-knocking > > or other modern > > strategy if we're going to move at all. > > > > > Yeah, but telling my firewall to move port 22 ins

Re: [HACKERS] What's going on with pgfoundry?

David Fetter wrote: We should move to a port-knocking or other modern strategy if we're going to move at all. Yeah, but telling my firewall to move port 22 inside to port outside took less time than writing this email. Inside the firewal

Re: [HACKERS] What's going on with pgfoundry?

On Wed, Nov 26, 2008 at 10:51:23AM -0800, Steve Crawford wrote: > Kris Jurka wrote: >> On Wed, 26 Nov 2008, Dave Page wrote: >> >>> It's the same IP address - but try port 35 for ssh. Marc changed >>> it (temporarily) due to a vast number of malicious connection >>> attempts. >> >> Why wasn't this

Re: [HACKERS] What's going on with pgfoundry?

Steve Crawford wrote: I have changed the external ssh port on all machines I administer. The result is the complete elimination of the previous hundreds to thousands of daily script-kiddie brute-force attempts I used to see. +1 We have not used port 22 in our production network for year

Re: [HACKERS] What's going on with pgfoundry?

On Wed, 26 Nov 2008, Steve Crawford wrote: Obscurity should not be your *only* line of defense, but camouflage helps as well. And even if it didn't, it still reduces server-load, bandwidth and heaps of logfile cruft. In order case, thankfully, there was minimal banwidth impact, but the serve

Re: [HACKERS] What's going on with pgfoundry?

Kris Jurka wrote: On Wed, 26 Nov 2008, Dave Page wrote: It's the same IP address - but try port 35 for ssh. Marc changed it (temporarily) due to a vast number of malicious connection attempts. Why wasn't this change communicated to anyone, not even gforge-admins? How temporary is tempora

Re: [HACKERS] What's going on with pgfoundry?

On Wed, 26 Nov 2008, Dave Page wrote: It's the same IP address - but try port 35 for ssh. Marc changed it (temporarily) due to a vast number of malicious connection attempts. Why wasn't this change communicated to anyone, not even gforge-admins? How temporary is temporary? Kris Jurka -

Re: [HACKERS] What's going on with pgfoundry?

On Wed, Nov 26, 2008 at 2:43 PM, Tatsuo Ishii <[EMAIL PROTECTED]> wrote: > Today I noticed I cannot login to cvs.pgfoundry.org anymore since the > IP address has been changed am asked password which seems to be > changed. So I cannot use CVS any more. Does anybody why this happens > and how to fix

[HACKERS] What's going on with pgfoundry?

Today I noticed I cannot login to cvs.pgfoundry.org anymore since the IP address has been changed am asked password which seems to be changed. So I cannot use CVS any more. Does anybody why this happens and how to fix it? -- Tatsuo Ishii SRA OSS, Inc. Japan -- Sent via pgsql-hackers mailing list