Date:      Thu, 9 Feb 2006 13:05:45 +0100
From:      "Daniel A." <ldrada@gmail.com>
To:        Chris <chrcoluk@gmail.com>
Cc:        Atis <atissita@btv.lv>, David Scheidt <dscheidt@panix.com>, freebsd-questions@freebsd.org
Subject:   Re: IP Banning (Using IPFW)
Message-ID:  <5ceb5d550602090405r7b22d902ldbf6bafe7396f949@mail.gmail.com>
In-Reply-To: <3aaaa3a0602082033k10a927fcg@mail.gmail.com>
References:  <5ceb5d550602051357r27f07864lb408168902a68e12@mail.gmail.com> <MIEPLLIBMLEEABPDBIEGIELNHMAA.fbsd_user@a1poweruser.com> <20060205235513.GA20707@panix.com> <20060207004022.3e238768.atissita@btv.lv> <20060207035522.GA17514@panix.com> <3aaaa3a0602082033k10a927fcg@mail.gmail.com>

On 2/9/06, Chris <chrcoluk@gmail.com> wrote:
> On 07/02/06, David Scheidt <dscheidt@panix.com> wrote:
> >
> > On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
> > > On Sun, 5 Feb 2006 18:55:13 -0500
> > > David Scheidt <dscheidt@panix.com> wrote:
> > >
> > > >
> > > > Nonsense.  There may be some people that only scan well-known ports,
> > > > but it's much more common to scan every port on a machine.  If you're
> > > > running a server on a non-standard port, an attacker will find it.
> > > >
> > >
> > > sure, but 99% of the time the machines attacking your server are zombies
> > > that do not care to do a full portscan. i suppose the purpose is to
> > > find other misconfigured, easy-to-hack computers on the network. by
> > > putting your services on non-standard ports you get rid of these
> > > mindless drones and don't pollute log files with useless garbage.
> > >
> > > now if somebody _does_ actually target your server in particular then
> > > this is definitely not the solution.
> > >
> > > anywayz, putting things on non-standard ports helps a lot, and is
> > > one of the first and easiest security measures an administrator
> > > may consider.
> > >
> >
> > Taking your clothes off and painting yourself blue is also one of the
> > first and easiest security measures to consider.  It's even more
> > effective, too.  I know of no machine that's been cracked that had a
> > wheel naked and painted blue.  I've seen lots running standard
> > services on non-standard ports.
> >
> > Security through obscurity doesn't work, it makes tracking down
> > other problems harder, and creates work to maintain non-standard
> > configurations.
>
>
> I understand his point, I see 2 types of problems we have to deal with.  The
> thousands of drones that scan for boxes that are vulnerable to a specific
> exploit, they will often scan ip ranges on a specific port and if it's open
> see if it's vulnerable.  For these types of intruders changing ports is very
> effective since you would simply be skipped past on their scan, for most of
> us 99% of attempted intrusions are zombie based or some script a kid has
> downloaded off the web.
>
> The argument against changing ports is of course when you have a persistent
> hacker who wants in, he will of course scan all the ports and find the
> service and this type of protection is nullified.  In this scenario if you
> haven't taken additional measures to secure the box then you may be in
> trouble.
>
> I personally move things like sshd off its normal port simply to stop my logs
> being flooded with brute force logins and since I am the only one who uses
> ssh there is no downside to it, I of course don't rely on this alone and keep
> my software up to date amongst other security measures it is simply an extra
> layer of skin on the onion.  For things like httpd I keep on port 80 as I
> think moving the port of that is more hassle than it's worth.
I've seen someone mention how to move httpd to a non-reserved port (i.e.
8080), and let that change be transparent for the end-user by using
ipf. I don't know how, though.
>
> Chris
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>


