Date:      Thu, 17 Nov 2005 23:20:57 -0800
From:      ray@redshift.com
To:        Timothy Smith <timothy@open-networks.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Need urgent help regarding security
Message-ID:  <3.0.1.32.20051117232057.00a96750@pop.redshift.com>

At 02:42 PM 11/18/2005 +1000, Timothy Smith wrote:
| i have seen a similar attack recently doing a brute force ssh. the 
| number ONE weakness in most poorly run IT systems, is easy passwords. 
| it's amazingly easy to brute force these systems using common names or 
| variations of them.

Speaking of SSH, if you have to provide SSH service via a public IP# (and you
are unable to limit traffic to just specific management/workstation IP#'s), then
it's always a good idea to confirm that root login is not enabled in
/etc/ssh/sshd_config.  This makes a brute force attack much more difficult, since
a would-be attacker not only has to hit the correct password, but they also have
to know a valid username on the system (as opposed to just using 'root') during
an attack.

Also, if you have access to the router, it's handy to re-write traffic from a
higher public port down to port 22 on the server, since that will trip up anyone
doing scans looking for a connect on port 22 across a large number of IP's.

Anyway, just a couple of ideas I thought might be helpful while on the subject
of SSH hardening :-)

Ray
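
The sshd_config check mentioned above, as an added example that is not part of Ray's message: a POSIX sh function that reports the value sshd would use for a keyword in the global section of the file (the first active occurrence wins; commented lines and anything after a Match line are ignored). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report the value sshd
# would use for a keyword in the global section of an sshd_config file.

sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)      # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            gsub(/^[ \t=]+|[ \t]+$/, "", val)
            if (key == "match") exit       # conditional blocks start here
            if (key == want) { print val; found = 1; exit }   # first value wins
        }
        END { if (!found) print "unset" }
    ' "$2"
}

check_root_login() {  # succeeds only if root login is explicitly set to "no"
    v=$(sshd_effective PermitRootLogin "$1")
    echo "PermitRootLogin: $v"
    [ "$v" = "no" ]
}

# Constructed sample: the commented "no" is inactive, and the later "no"
# comes after "yes", so the value in effect is still "yes".
sample=$(mktemp /tmp/sshd_sample.XXXXXX)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
check_root_login "$sample" || echo "root login is not disabled in $sample"
rm -f "$sample"
```

A result of "unset" means the compiled-in default applies, which depends on the OpenSSH version; on a live system `sshd -T` prints the configuration the daemon actually resolves.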





