attack on my server

Dave Bour dcbour-Uj1Tbf34OBsy5HIR1wJiBuOEVfOsBSGQ at public.gmane.org
Mon Aug 27 20:39:04 UTC 2007


I trash anything outside of Western Europe and North America.  Yep, won't keep out the bored university students but 90% of my attacks trace out to Eastern Europe or Asia.
D.

> -----Original Message-----
> From: owner-tlug-lxSQFCZeNF4 at public.gmane.org [mailto:owner-tlug-lxSQFCZeNF4 at public.gmane.org] On Behalf Of Jamon
> Camisso
> Sent: Monday, August 27, 2007 4:28 PM
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: Re: [TLUG]: attack on my server
>
> Neil Watson wrote:
> > On Mon, Aug 27, 2007 at 03:46:43PM -0400, Jamon Camisso wrote:
> >> Easiest is to move ssh from port 22 to another port, something
> random,
> >> above 1024.
> >
> > I think this gives a false sense of security.  You have to assume
> that
> > if a port is publicly available then cracker will find it.  After all
> > only a 5 minute port scan stands between him and the obfuscated port.
>
> Sure, again keys are best. But moving the port reduces automated scans
> drastically, I'd say by an order of magnitude at least, usually more.
>
> If you're up against a cracker who wants in, then any open port is a
> potential vulnerability. If you have to have passwords, move the port,
> use fail2ban/denyhosts, and maybe setup port-knocking too.
>
> Jamon
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list