[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- From: "Nicolas Mailhot" <nicolas mailhot laposte net>
- To: "Development discussions related to Fedora Core" <fedora-devel-list redhat com>
- Cc: fedora-devel-list redhat com
- Subject: Re: SSH on by default? (Was: too many deamons by default - F7 test 2 live cd)
- Date: Tue, 20 Mar 2007 11:28:12 +0100 (CET)
Le Mar 20 mars 2007 10:59, Thomas M Steenholdt a écrit :
> Nicolas Mailhot wrote:
>> Le Mar 20 mars 2007 10:42, Thomas M Steenholdt a écrit :
>>> Nicolas Mailhot wrote:
>>>> Disabling ssh is not a good solution, many people need it. However the
>>>> default fedora ssh setup is woefully insecure
>>>>
>>>> At least ssh rate-limiting should be in the default firewall install.
>>>> Pam_abl would be even better (for other network services)
>>>>
>>> Blacklisting opens the potential for denial-of-service attacks. I'm not
>>> too familiar with the pam_abl implementation,
>>
>> You have per-source-host and per-target-user tuneables
>
> Potential problems with user=root and/or IP spoofing?
You have to balance the risk of DOSing with the protection level. But at
least you can special-case dangerous users, and protect against
distributed root attacks, which iptables won't notice.
--
Nicolas Mailhot
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]