Security basics
Tod Merley
todbot88 at gmail.com
Thu Oct 4 02:13:21 UTC 2007
Hi Patrick and all!
Someday, Lord willing, I would like to set up a lot of standard ports
to go to a "honey pot - virtual area" on my systems. I would love to
be able to let the attacker do his thing in a safe environment which
allows me to gather all the information about him and his ways that I
can.
Then, I would love to be able to automatically report all of this good
information to the security community almost as fast as it occurs.
The thought of some agents knocking on the attacker's door as he
continues an attack makes me smile.
To a great future fellows!
Tod
On 10/3/07, Patrick <flymooney at gmail.com> wrote:
> Steve Siegfried wrote:
>
> > Changing ports for ssh isn't actually that hot of an idea. Most port scanners
> > can detect ssh implementations since they normally self-identify. For example,
> > if you're running ssh on the normal port (22), try executing:
> > /usr/bin/telnet YOUR.HOST.IP.ADDR 22
> > and see what pops out.
> >
> > Hope this helps'idly,
> >
> > -S
>
> Changing SSH ports on my server yielded a 100% drop (yes...100%) in
> routine script attacks. I still have the usual people checking for
> phpMyAdmin stuff as well as the others, but nothing comes through on SSH
> now. And yes, when I did it I heard the whole "security through
> obscurity is not security" BS but the results cannot be argued with. In
> summation, CHANGE YOUR SSH PORT. It will work and cut down if not
> eliminate the script kiddies. Then when someone really starts knocking
> on your SSH door, it will not be lost in all of the "noise" from the
> scripters.
>
> Patrick
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
More information about the fedora-list
mailing list