| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jun 2010 09:38:02 -0700 From: merlyn@...nehenge.com (Randal L. Schwartz) To: Emmanuel VERCHERE <emmanuel.verchere@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: targetted SSH bruteforce attacks >>>>> "Emmanuel" == Emmanuel VERCHERE <emmanuel.verchere@...il.com> writes: Emmanuel> SSH daemons using password auth exposed to the Internet _do_ Emmanuel> get bruteforce attempts. I would not recommend moving it to a Emmanuel> different port than 22 as that would be of very, _very_ little Emmanuel> help - rather switch to public key auth (plus SPA if you're Emmanuel> paranoid), et voila. After being regularly nailed on my port 22, I *did* move it. I've had only *one* attack since then, down by a factor of 20 or so. Yes, it's worth it to not be on port 22, as long as you're one of the few. :) Remember, these bots are going for low-hanging fruit... it's not worth it for them to hit all 65k ports. Now, if we *all* move away from 22, your advice is more appropriate. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists