Re: Security problem

From Rainer Weikusat <rweikusat@mssgmbh.com>
Newsgroups comp.os.linux.development.apps
Subject Re: Security problem
Date 2011-12-01 13:34 +0000
Message-ID <87ipm0quu6.fsf@sapphire.mobileactivedefense.com> (permalink)
References <j3jrp5$534$1@speranza.aioe.org> <cd90j8-mnq.ln1@crazy-horse.bildanet.com> <5LadnfB9uvXse_3TnZ2dnUVZ7oGdnZ2d@lyse.net> <jb7kle$7it$1@dont-email.me> <ZP6dnXFAC4ua8krTnZ2dnUVZ8h6dnZ2d@lyse.net>


David Brown <david@westcontrol.removethisbit.com> writes:
> On 01/12/2011 11:24, Noob wrote:
>> David Brown wrote:
>>
>>> The easiest and most effective step to limiting dictionary attacks is
>>> simply to use a non-standard port.  Put your sshd on port 222 instead of
>>> 22, and no attacker will ever find it.
>>
>> Famous last words.
>>
>> Meet nmap.
>
> Worms and script kiddies go for standard ports, using common login
> names and passwords, on large ranges of IP addresses.

Yes. And the solution to this problem is to use 'strong' passwords or
no passwords at all but key-based authentication.

> If an IP address doesn't have an sshd on port 22, they find a
> different address that does.  Why waste time on a system that is
> harder to break into when there are so many others around?

This is a self-defeating strategy: The more people hide their keys
under the backdoor doormat instead of the frontdoor doormat, the more
likely it becomes that 'lazy burglars' will routinely check both.
And even a lazy burglar might occasionally get bored and try the other
doormat just for a change.

> Of course you don't put sshd on port 222 and then put your root
> password as "secret".  But as part of a security strategy it is
> excellent for cutting out virtually all drive-by attacks, and reducing
> the noise in your logs.

It is a minor pain-in-the-ass for users and actually, antisocial
behaviour (at least in some theoretical sense): When you notice
'lights on and strange noises' in your neighbour's house while he's on
holiday, you should call the police (send a complaint to the abuse
address corresponding with the IP) instead of thinking "Glad they
didn't come over here" and turning back to your TV.

NB: I usually ignore apnic break-in attempts altogether but I usually
try to notify someone if the compromised system used by the attacker
appears to belong to some 'generally reputable organization' (aka
university). This is not supposed to imply that 'those Chinese people
are all crooks, anyway', just a realistic assessment of the chance to
reach someone there who understands English well enough to make sense
of the mail.
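
Added example, not part of the original post: the thread talks about dictionary-attack noise in the sshd logs and about sending a complaint to the abuse address for the source IP, so this sketch groups failed password logins by source address into a summary that could go into such a complaint. The log lines are constructed samples in the usual OpenSSH syslog format, and the function names and the threshold of 3 are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the usual OpenSSH syslog format (addresses are from the
# RFC 5737 documentation ranges, not real traffic).
SAMPLE_LOG = """\
Dec  1 12:58:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Dec  1 12:58:03 gw sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Dec  1 12:58:06 gw sshd[2103]: Failed password for root from 203.0.113.5 port 51251 ssh2
Dec  1 12:58:09 gw sshd[2104]: Failed password for invalid user x from 192.0.2.99 port 1 from 203.0.113.5 port 51260 ssh2
Dec  1 13:02:44 gw sshd[2110]: Failed password for root from 198.51.100.7 port 40022 ssh2
Dec  1 13:05:10 gw sshd[2114]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Dec  1 13:07:19 gw sshd[2120]: Failed password for alice from 192.0.2.10 port 50011 ssh2
"""

# Anchor on the end of the line and let the user name match greedily: the name
# is chosen by the client, so only the last "from ADDR port N" is sshd's own.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_by_source(log_text, threshold=3):
    """Return {ip: summary} for sources with at least `threshold` failures."""
    seen = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are skipped
        entry = seen[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return {ip: e for ip, e in seen.items() if e["count"] >= threshold}

def abuse_report(log_text, threshold=3):
    """Format the summary as plain text that can be pasted into a complaint."""
    lines = []
    for ip, e in sorted(failed_by_source(log_text, threshold).items()):
        lines.append(f"{ip}: {e['count']} failed logins, {e['first']} to {e['last']}, "
                     f"{len(e['users'])} distinct user names")
    return "\n".join(lines)

if __name__ == "__main__":
    print(abuse_report(SAMPLE_LOG))
```

Classic syslog timestamps carry neither year nor time zone, so a complaint built from this output needs both added by hand.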
