lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <86ocf9sjh1.fsf@red.stonehenge.com>
Date: Thu, 17 Jun 2010 09:38:02 -0700
From: merlyn@...nehenge.com (Randal L. Schwartz)
To: Emmanuel VERCHERE <emmanuel.verchere@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks

>>>>> "Emmanuel" == Emmanuel VERCHERE <emmanuel.verchere@...il.com> writes:

Emmanuel> SSH daemons using password auth exposed to the Internet _do_
Emmanuel> get bruteforce attempts. I would not recommend moving it to a
Emmanuel> different port than 22 as that would be of very, _very_ little
Emmanuel> help - rather switch to public key auth (plus SPA if you're
Emmanuel> paranoid), et voila.

After being regularly nailed on my port 22, I *did* move it.  I've had
only *one* attack since then, down by a factor of 20 or so.

Yes, it's worth it to not be on port 22, as long as you're one of the
few. :)  Remember, these bots are going for low-hanging fruit... it's
not worth it for them to hit all 65k ports.

Now, if we *all* move away from 22, your advice is more appropriate.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ