Date:      Mon, 21 Nov 2005 08:35:09 -0800 (PST)
From:      dtalk-ml@prairienet.org
To:        Danny Carroll <danny@dannysplace.net>
Cc:        Peter Jeremy <PeterJeremy@optushome.com.au>, ray@redshift.com, Jeremie Le Hen <jeremie@le-hen.org>, Marian Hettwer <MH@kernel32.de>, freebsd-security@freebsd.org
Subject:   Re: Need urgent help regarding security
Message-ID:  <Pine.LNX.4.63.0511210816460.26145@atlantis.flyingjoke.org>
In-Reply-To: <00dd01c5eea4$1bb178b0$6501a8c0@llama>
References:  <3.0.1.32.20051117232057.00a96750@pop.redshift.com><43818643.5000206@kernel32.de><20051121085221.GA4267@cirb503493.alcatel.com.au><43819049.5090107@kernel32.de><20051121122621.GA5197@obiwan.tataz.chchile.org> <4381C81C.4080907@kernel32.de> <00dd01c5eea4$1bb178b0$6501a8c0@llama>

Danny Carroll wrote:

> But sshd can be moved without problem.

It's not a cost-free solution, because there are support consequences. 
Users don't like change.  Fortunately for us, we control their client 
configurations, so it's invisible to them.

>> I just have the strong feeling that moving a daemon to another port 
>> (where it doesn't belong) won't gain any security.

On 22, I used to get many, sometimes many thousands, of brute force 
password attempts per day.  After moving to a higher port, I get zero. 
Mathematics tells me that makes it less likely that one of my user 
accounts will get whacked.  It also raises the signal to noise ratio and 
storage requirements of my logs dramatically.

I'm sure no one here thinks obscurity is a substitute for proper 
configuration of good quality software.  Nevertheless, real world 
experience shows quite clearly that the odds of an expensive compromise 
go down when I'm a little harder to find.  The fact that this does 
nothing to slow down a targeted attack does not diminish the value of 
evading the entire population of drive-by bots.

-d

--
David Talkington
dtalk-ml@prairienet.org
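An added example (not part of the original thread) of measuring the "signal to noise ratio" David describes: it aggregates sshd login events per source address and separates drive-by password guessing from legitimate users who eventually log in. It assumes Linux-style sshd syslog lines; the sample log and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original message); RFC 5737 addresses.
SAMPLE_LOG = """\
Nov 21 08:01:12 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Nov 21 08:01:15 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51023 ssh2
Nov 21 08:01:18 host sshd[1203]: Failed password for root from 192.0.2.10 port 51024 ssh2
Nov 21 08:02:30 host sshd[1210]: Failed password for invalid user test from 198.51.100.7 port 40211 ssh2
Nov 21 08:05:02 host sshd[1220]: Failed password for danny from 203.0.113.5 port 50123 ssh2
Nov 21 08:05:09 host sshd[1220]: Accepted password for danny from 203.0.113.5 port 50123 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")

def per_source(log_text):
    """Aggregate sshd login events (failed/accepted, usernames tried) by source address."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        if m := FAILED_RE.search(line):
            stats[m["src"]]["failed"] += 1
            stats[m["src"]]["users"].add(m["user"])
        elif m := ACCEPTED_RE.search(line):
            stats[m["src"]]["accepted"] += 1
    return dict(stats)

def classify(stats, threshold=3):
    """Label each source: 'user' (eventually logged in), 'bot' (repeated failures,
    never succeeded), or 'low' (too few failures to judge)."""
    labels = {}
    for src, s in stats.items():
        if s["accepted"]:
            labels[src] = "user"
        elif s["failed"] >= threshold:
            labels[src] = "bot"
        else:
            labels[src] = "low"
    return labels

def signal_ratio(stats):
    """Fraction of login events that are not bot noise: the log's signal-to-noise."""
    labels = classify(stats)
    total = sum(s["failed"] + s["accepted"] for s in stats.values())
    noise = sum(s["failed"] for src, s in stats.items() if labels[src] == "bot")
    return (total - noise) / total if total else 1.0

if __name__ == "__main__":
    stats = per_source(SAMPLE_LOG)
    for src, label in classify(stats).items():
        print(f"{src:15} failed={stats[src]['failed']} accepted={stats[src]['accepted']} -> {label}")
    print(f"signal ratio: {signal_ratio(stats):.2f}")
```

Running it over a day of logs before and after a port change gives a concrete figure for how much of the log volume was drive-by noise.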