Date: Thu, 9 Feb 2006 13:05:45 +0100
From: "Daniel A."
To: Chris
Cc: Atis, David Scheidt, freebsd-questions@freebsd.org
Subject: Re: IP Banning (Using IPFW)

On 2/9/06, Chris wrote:
> On 07/02/06, David Scheidt wrote:
> >
> > On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
> > > On Sun, 5 Feb 2006 18:55:13 -0500
> > > David Scheidt wrote:
> > >
> > > >
> > > > Nonsense. There may be some people that only scan well-known ports,
> > > > but it's much more common to scan every port on a machine. If you're
> > > > running a server on a non-standard port, an attacker will find it.
> > > >
> > >
> > > sure, but 99% of the time the machines attacking your server are zombies
> > > that do not care to do a full portscan. i suppose the purpose is to
> > > find other misconfigured, easy-to-hack computers on the network. by
> > > putting your services on non-standard ports you get rid of these
> > > mindless drones and don't pollute log files with useless garbage.
> > >
> > > now if somebody _does_ actually target your server in particular then
> > > this is definitely not the solution.
> > >
> > > anywayz, putting things on non-standard ports helps a lot, and is
> > > one of the first and easiest security measures an administrator
> > > may consider.
> > >
> >
> > Taking your clothes off and painting yourself blue is also one of the
> > first and easiest security measures to consider. It's even more
> > effective, too. I know of no machine that's been cracked that had a
> > wheel naked and painted blue. I've seen lots running standard
> > services on non-standard ports.
> >
> > Security through obscurity doesn't work, it makes tracking down
> > other problems harder, and creates work to maintain non-standard
> > configurations.
> >
> I understand his point, I see 2 types of problems we have to deal with. The
> thousands of drones that scan for boxes that are vulnerable to a specific
> exploit, they will often scan ip ranges on a specific port and if it's open
> see if it's vulnerable. For these types of intruders changing ports is very
> effective since you would simply be skipped past on their scan, for most of
> us 99% of attempted intrusions are zombie based or some script a kid has
> downloaded off the web.
>
> The argument against changing ports is of course when you have a persistent
> hacker who wants in, he will of course scan all the ports and find the
> service and this type of protection is nullified. In this scenario if you
> haven't taken additional measures to secure the box then you may be in
> trouble,
>
> I personally move things like sshd off its normal port simply to stop my logs
> being flooded with brute force logins and since I am the only one who uses
> ssh there is no downside to it, I of course don't rely on this alone and keep
> my software up to date amongst other security measures it is simply an extra
> layer of skin on the onion. For things like httpd I keep on port 80 as I
> think moving the port of that is more hassle than it's worth.

I've seen someone mention how to move httpd to a non-reserved port (i.e.
8080), and let that change be transparent for the end-user by using
ipf. I don't know how, though.
>
> Chris