Security Basics mailing list archives
Re: what to do?
From: zp <zperkov () gmail com>
Date: Tue, 30 Aug 2005 22:43:04 -0400
Of course... but for this instance, a simple port change would cure his paranoia. Anyone with port 22 open on their fw has logs full of this crap. If I found the same dictionary attack on 1 (or 2) of my non-default ports, then some of the suggestions mentioned would be worth looking into / implementing.

And let's say it was a specific malicious event directed towards him: his sshd logs are not going to help him figure out what's going on, and neither will other logs on the system. I don't mean to belittle any of the solutions stated, as they are all valid and clever, but they will not help you identify a malicious intruder. IMO only a well-maintained snort (or other IDS tool) will give you the ability to seriously ask "was I hacked?"

-z

On 8/30/05, Shane Singh <shane () nextwaveaudio com au> wrote:

All great suggestions thus far. I found it easier to just change the default port for ssh.
Just remember all the security 101 notes about "security through obscurity" :)

--
Shaineel Singh
e: mailto: shane () nextwaveaudio com au
w: http://nextwaveaudio.com.au/shsingh
p: 0424 620 254
--
"Life can be magnificent and overwhelming - That is its whole tragedy. Without beauty, love, or danger it would almost be easy to live." Albert Camus