[Cialug] denyhosts logging LOTS of attacks

Chris Freeman cwfreeman at gmail.com
Tue May 13 14:35:22 CDT 2008


On Tue, May 13, 2008 at 1:57 PM, Tim Wilson <tim_linux at wilson-home.com>
wrote:

> That's what I thought, until I got hacked 6 years ago.  Granted, I did
> have an older ssh, but at the time, it wasn't that old.  Now, at the
> firewall level I only allow a certain range of IP addresses access to port
> 22.  ...
>

I like what Linus Torvalds does: no (externally initiated) incoming
connections (to his home) at all. No SSH, no HTTP, no HTTPS, no GIT, no
nothing. Obviously, it's not ideal if you're running a web page from your
house. ;-)

Another 'solution' is to use a port-knock daemon. But don't confuse this for
real security. Similar to moving the port number, it's just going to lower
the traffic on your line. It's not going to keep someone out who knows how
to monitor your network traffic (or how to get a hold of your ISP's network
traffic logs with a candy-bar or baseball bat).

If you let connections in, there's risk. And there's no substitute for using
the latest stable software and knowing how to configure it.


>
> On Tue, May 13, 2008 at 1:38 PM, Daniel A. Ramaley <
> daniel.ramaley at drake.edu> wrote:
>
> > On Tuesday 13 May 2008 12:53, Josh More wrote:
> >
> > ... dictionary attacks. Have those
> > *ever* worked? I've not personally encountered a system so insecure a
> > dictionary attack would work against it...
> >
>
I have. We had a client who consistently set up their usernames and
passwords to be the same no matter how much we warned them. No surprise,
they got nailed by a dictionary attack. (Clearly, our expectations were out
of sync with reality, and we should have provided a different administration
model.)

If those attacks are happening, lots of people are being exploited.


Chris