Date: Mon, 21 Nov 2005 13:26:21 +0100
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Marian Hettwer <MH@kernel32.de>
Cc: Peter Jeremy <PeterJeremy@optushome.com.au>, ray@redshift.com, freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
Message-ID: <20051121122621.GA5197@obiwan.tataz.chchile.org>
In-Reply-To: <43819049.5090107@kernel32.de>
References: <3.0.1.32.20051117232057.00a96750@pop.redshift.com> <43818643.5000206@kernel32.de> <20051121085221.GA4267@cirb503493.alcatel.com.au> <43819049.5090107@kernel32.de>
Hi, Marian,

> Where is the protection, or rather the danger in being "visible" to
> script kiddies? There's no security issue valid for script kiddies which
> wouldn't be valid for any other attacker too.
> The main question is: Where is the danger in script kiddies with their
> brute force attacks?
> I guess it's mainly the annoying fact that your logfile gets
> unreadable. If that's the problem: use logsurfer or something similar to
> analyze the logfile.
> You just don't get more secure by moving the sshd to a different port
> than port 22.

Security is not absolute, as you surely know, considering the fact that you seem to be quite sensitive to it.

I guess that most running sshd(8) instances are bound to port tcp/22. If a group of hackers finds a hole in OpenSSH's sshd(8) implementation at a very early stage of the connection (IOW before authentication) but does not disclose it - and only God knows how many undisclosed holes there are - then one can figure they want to avail themselves of this hole by working in collaboration with spammers or whatever. The best way they can work for this purpose is creating a massive exploitation tool in order to install as many spam agents as they can, before the hole is disclosed. Not having your sshd(8) bound to port 22 would save you from being exploited in this case.

Of course, if this particular group of hackers wants to defeat _your_ network, this measure won't prevent them from exploiting your sshd(8).

There is no need to involve kiddies, given that the tools they are using would surely appear far after the correction of the hole in the next OpenSSH release, and all serious network administrators would have upgraded their boxes.

Please, don't turn this thread into a troll.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
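As an added example (not code from this thread or from logsurfer) of the log-analysis approach Marian mentions: a small Python filter over constructed sshd(8) syslog lines that flags source addresses with repeated authentication failures inside a short window. The log line format, the host name and the year 2005 are assumptions made for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the syslog style sshd(8) produces (assumed
# format; these lines are not from the original thread).
SAMPLE_LOG = """\
Nov 21 13:01:02 obiwan sshd[5197]: Invalid user admin from 192.0.2.10
Nov 21 13:01:03 obiwan sshd[5197]: Failed password for invalid user admin from 192.0.2.10 port 51002 ssh2
Nov 21 13:01:05 obiwan sshd[5199]: Failed password for invalid user test from 192.0.2.10 port 51003 ssh2
Nov 21 13:01:06 obiwan sshd[5201]: Failed password for root from 192.0.2.10 port 51004 ssh2
Nov 21 13:05:00 obiwan sshd[5210]: Failed password for jeremie from 198.51.100.7 port 40001 ssh2
Nov 21 13:05:10 obiwan sshd[5211]: Accepted publickey for jeremie from 198.51.100.7 port 40002 ssh2
"""

# Matches authentication failures only; "Invalid user" and "Accepted" lines are skipped.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2005):
    """Return a list of (timestamp, user, source_ip) for every failed login."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        out.append((ts, m.group("user"), m.group("ip")))
    return out

def brute_force_sources(log_text, threshold=3, window=timedelta(seconds=60)):
    """Map source IP -> peak failures within any `window`; keep those >= threshold."""
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failures(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged
```

Running `brute_force_sources(SAMPLE_LOG)` flags only 192.0.2.10; the single failure from 198.51.100.7 followed by a successful key login stays below the threshold.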