Questions concerning Security Log

David Hoffman dhoffman2004 at gmail.com
Sun Apr 10 13:54:35 UTC 2005


On Apr 9, 2005 6:43 PM, Robert Spangler <bms at zoominternet.net> wrote:
> I will agree that for a script kiddy this will work, but for someone who is
> really trying to get in they will figure this out in a short time and then
> you are no longer protected.  The best bet is to move to an unknown port.

Sorry. Not true. If it is someone who knows that your system is there,
and seriously wants to get in, simply moving ports is not going to
stop them. It is very easy to see which ports respond to a connection
attempt, and when you find a port that responds, it is not difficult
to tell that it is an SSH daemon that you connected to.

Blocking access based on IP addresses is also not perfect, because
people who are intent on breaking in can simply try from another
address... but then you are talking about a big waste of resources
when you only get a few attempts before getting locked out.

The method mentioned above does seem to make good sense because after
only a small number of unsuccessful attempts in a short time, they are
automatically blocked for a time. And the number of attempts or time
are configurable.

The next best thing that can be done to this is to not only block them
for a period of time, but rather block them until a system
administrator manually unblocks them.

-- 

David
Registered Linux User 383030 (since everyone else was doing it 8-)
-----------------------------------------------------------------------
There are only 10 kinds of people in this world,
those who understand binary, and those who don't.
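
The lockout described in this message (a small number of failed attempts in a short time triggers a block, either for a configurable period or until an administrator clears it), as an added example that is not part of the original post or of any tool discussed in the thread. The log lines are constructed, and the function name `evaluate` and its parameters are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original thread).
SAMPLE_LOG = """\
Apr 10 13:50:01 host sshd[2201]: Failed password for root from 192.0.2.10 port 40112 ssh2
Apr 10 13:50:04 host sshd[2203]: Failed password for invalid user admin from 192.0.2.10 port 40115 ssh2
Apr 10 13:50:09 host sshd[2207]: Failed password for root from 192.0.2.10 port 40119 ssh2
Apr 10 13:50:30 host sshd[2210]: Failed password for dave from 198.51.100.7 port 51000 ssh2
Apr 10 13:58:00 host sshd[2215]: Failed password for dave from 198.51.100.7 port 51004 ssh2
Apr 10 13:59:00 host sshd[2220]: Accepted password for dave from 198.51.100.7 port 51010 ssh2
Apr 10 14:02:00 host sshd[2230]: Failed password for root from 192.0.2.10 port 40200 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

def evaluate(log_text, max_attempts=3, window_s=60, block_s=600, year=2005):
    """Return (blocked, events). blocked maps IP -> unblock time, or None when
    block_s is None, meaning 'until an administrator manually unblocks'."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked, events = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked:
            until = blocked[ip]
            if until is None or ts < until:
                events.append((ts, ip, "dropped"))  # a firewall rule would reject this
                continue
            del blocked[ip]                         # timed block has expired
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                             # forget failures outside the window
        if len(q) >= max_attempts:
            blocked[ip] = None if block_s is None else ts + timedelta(seconds=block_s)
            events.append((ts, ip, "blocked"))
            q.clear()
    return blocked, events
```

With the defaults, the legitimate user at 198.51.100.7 who mistypes twice several minutes apart is never blocked, while 192.0.2.10 is blocked after its third failure and allowed to retry once the period ends; passing `block_s=None` keeps it blocked indefinitely.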




More information about the fedora-list mailing list