Stealthing Ports in system-config-securitylevel was: SSH brute force attack

Stephen J. Smoogen smooge at gmail.com
Fri Apr 29 02:29:52 UTC 2005


On 4/28/05, Roger Grosswiler <roger at gwch.net> wrote:
> >> Hi,
> >>
> >> Taking again the thread about the SSH brute force attacks, but with a
> >> question.
> >>
> >> We have a nice tool called system-config-securitylevel, why isn't it
> >> possible to indicate some IPs or ranges there and click to "stealth" so
> >> this port is just visible to the indicated IP addresses?
> >>
> >> Roger
> >>
> >
> > Because it's a simple gui tool designed to be simple.
> >
> You're right at this point, it's adding one more function, but adding this function would not mean crashing the usability
> of this tool, I think. It's just one more sensible option that keeps users' computers more secure EASILY, especially
> on servers.

You have to be able to parse things like: did you want to NOT allow
127.0.0.1 to connect? Did you mean 204.121.0.0/32 and not
204.121.0.0/16? It is not a trivial task to do right for the new
person. Or the fact that you put the -A INPUT -s 0.0.0.0/0 -j ACCEPT
before all your drops.

A tool that does this would be great, but I think its complexity would
be more than can be packaged simply into the installer :(. Even
putting this in an 'expert' section is more likely to shoot one in the
foot. [I have had to clean up more systems because the person thought
they had secured it and it was actually worse off.]

-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator
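The three pitfalls Stephen names (loopback, a /32 where a range was meant, a catch-all ACCEPT ahead of the DROP) as an added example, not part of the thread: a shell helper that sanity-checks an SSH allowlist, emits an iptables-restore fragment in a safe order, and reports which rule would be the first catch-all for port 22. Allowlist addresses and the function names are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the mailing list): restrict SSH to an allowlist
# while avoiding the ordering and prefix mistakes described in the mail.
set -u

# Flag allowlist entries that look like the mistakes from the mail:
# a /0 prefix admits everyone, a /32 on a .0 address is probably a
# mistyped network range. Returns 0 only when every entry looks sane.
check_allowlist() {
  local ok=0 cidr
  for cidr in "$@"; do
    case "$cidr" in
      */0)      echo "refusing $cidr: /0 matches every source" >&2; ok=1 ;;
      *.0/32)   echo "suspicious $cidr: /32 on a .0 address, wider prefix meant?" >&2; ok=1 ;;
      */[0-9]|*/[12][0-9]|*/3[0-2]) ;;
      *)        echo "malformed $cidr" >&2; ok=1 ;;
    esac
  done
  return $ok
}

# Print an iptables-restore fragment: loopback and established traffic
# first, one ACCEPT per allowlisted source, and the port-22 DROP last.
ssh_allowlist_rules() {
  local cidr
  echo '*filter'
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for cidr in "$@"; do
    echo "-A INPUT -p tcp --dport 22 -s $cidr -j ACCEPT"
  done
  echo '-A INPUT -p tcp --dport 22 -j DROP'
  echo 'COMMIT'
}

# Read a ruleset on stdin and print the target of the first INPUT rule
# that would catch an unlisted SSH client: no source restriction (or the
# catch-all 0.0.0.0/0) and either no port match or port 22. A healthy
# ruleset answers DROP; the misordered one from the mail answers ACCEPT.
first_catchall_ssh_rule() {
  awk '/^-A INPUT/ && !/-i lo/ && !/--ctstate/ &&
       (!/ -s / || / -s 0\.0\.0\.0\/0 /) &&
       (!/--dport/ || /--dport 22 /) { print $NF; exit }'
}
```

Load the generated fragment with `ssh_allowlist_rules 203.0.113.0/24 | iptables-restore -n` only after `check_allowlist` has passed on the same list.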




More information about the fedora-test-list mailing list