Alert!!

[Alexander Dalloz]

Am Di, den 14.09.2004 schrieb James Kosin um 15:27:

> Just an update:
> ~  1)  I've noticed some traffic on the net recently trying to access
> port 111 (I have it blocked on my server).  Those that don't know should
> really think about blocking this port from the outside using iptables.
> Be sure not to block your lo interface for this port.

Thank you for this information, James.

Maybe at least it points the attraction of root users (admins) to the
fact, that the portmapper, which is port 111, is open on many systems
for outside connects by default.

> ~  2)  I've also made it so root can not login via ssh.  This was to
> circumvent some of the problems with the recent sshd attacks.  To block
> or not allow root to login, change the /etc/ssh/sshd_config file and add
> a line that has 'DenyUsers  root'
> ~    This change does not block the attempt; but, it does block root from
> loging in.  You can still login as a normal user and do an 'su -' to get
> root.

One way, or disallow password authentication configuring the same file
and setup public key auth for ssh.

To prevent to let the script kids find their target on my hosts running
a public available sshd, I changed the listening default port from 22 to
something different.
Comment: this is no security setting, but to get rid of these simple
script attacks only targeting port 22. I do not like to have the logs
flooded by attack alarms.

> James Kosin

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 16:49:54 up 15 days, 14:06, load average: 0.09, 0.17, 0.09 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040914/e28d1aa2/attachment-0001.sig>