Security Basics mailing list archives

Re: what to do?


From: zp <zperkov () gmail com>
Date: Tue, 30 Aug 2005 22:43:04 -0400

Of course... but for this instance, a simple port change would
cure his paranoia. Anyone with port 22 open on their fw
has logs full of this crap. If I found the same dictionary attack
on 1 (or 2) of my non-default ports then some of the suggestions
mentioned would be worth looking into / implementing.

And let's say it was a specific malicious event directed towards him,
his sshd logs are not going to help him figure out what's going on, neither
will other logs on the system.

I don't mean to belittle any of the solutions stated, as they all are valid
and clever, but they will not help you identify a malicious intruder. IMO only
a well-maintained Snort (or other IDS tool) will give you the ability
to seriously ask "was I hacked?"

-z

On 8/30/05, Shane Singh <shane () nextwaveaudio com au> wrote:
All great suggestions thus far. I found it easier
to just change the default port for ssh.


Just remember all the security 101 notes about "security through
obscurity"

:)

--
Shaineel Singh
e: mailto: shane () nextwaveaudio com au
w: http://nextwaveaudio.com.au/shsingh
p: 0424 620 254

--
"Life can be magnificent and overwhelming - That is its whole tragedy.
Without beauty, love, or danger it would almost be easy to live." Albert
Camus



