Re: how to detect hack attempts.

On Sunday, February 23, 2020 4:45:55 AM MST Tim via users wrote:
> On Sun, 2020-02-23 at 09:56 +0800, Ed Greshko wrote:
> 
> > your IPv4 address is also a Public IP address the same way the IPv6
> > address is.  Directly connected to the Internet with no NAT.  Also,
> > your modem does not have an internal Firewall. Therefore, the
> > firewall on your system is vital.
> 
> 
> I'd say it's even *more* vital that if you run any services (SSH, mail,
> FTP, HTTP, DNS, etc), that you configure them securely, than rely on a
> firewall to protect them.
> 
> e.g. If you ran a test webserver, but didn't intend to serve it to the
> WWW, then you'd configure the test webserver to only listen to internal
> addresses/interfaces.  Likewise with any other server that you don't
> intend to be externally accessible.
> 
> I've watched someone (albeit on Windows) get hacked 4 seconds after
> connecting to the internet, several times in a row.  But the
> principle's the same, no matter what OS (flaws exist that you don't
> know about).  And asshats are continually trying to get it.
> 
> Dropping a firewall to test something is something that a lot of people
> will do, but isn't something you'd want to do if you couldn't trust all
> your services to protect themselves.  And there's no safe time period
> that you can get away with momentarily dropping one.

The defaults for SSH are "good enough"; you can't reasonably expect every user 
to only use ed25519, key exchange, limit ciphers, MACs and KexAlgorithms.

As for mail, FTP, DNS, web servers, these are not installed by default. If the 
user installs them, the user will likely be able to figure out how to 
configure them.

As for dropping the firewall, it's fine to drop the firewall temporarily if 
you're on an airgapped network, or if you're on a trusted network that 
enforces a firewall between you and a WAN and disallows unknown devices from 
connecting.

-- 
John M. Harris, Jr.
Splentity
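
The point raised in the quoted text, that a service not meant for outside use should listen only on internal addresses, can be checked from the listening-socket table. The following is an added example, not code from any poster in this thread: it classifies each listener in `ss -H -tln` output by bind scope; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128        0.0.0.0:22      0.0.0.0:*
LISTEN 0 128      127.0.0.1:631     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53      0.0.0.0:*
LISTEN 0 511   192.168.1.10:8080    0.0.0.0:*
LISTEN 0 128           [::]:22         [::]:*
LISTEN 0 128          [::1]:631        [::]:*
LISTEN 0 511              *:80            *:*
"""

def bind_scope(host):
    """Classify a bind address: all-interfaces, loopback, internal or public."""
    host = host.split("%", 1)[0].strip("[]")  # drop scope id and IPv6 brackets
    if host == "*":                           # dual-stack wildcard as shown by ss
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                   # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "public" if addr.is_global else "internal"

def parse_listeners(ss_output):
    """Return (host, port, scope) for each LISTEN line."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        host, port = fields[3].rsplit(":", 1)
        rows.append((host, int(port), bind_scope(host)))
    return rows

def exposed_ports(ss_output):
    """Ports reachable from outside unless a firewall blocks them."""
    return sorted({port for _, port, scope in parse_listeners(ss_output)
                   if scope in ("all-interfaces", "public")})

if __name__ == "__main__":
    for host, port, scope in parse_listeners(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {host:<16} {scope}")
    print("exposed without a firewall:", exposed_ports(SAMPLE_SS_OUTPUT))
```

On a host with a public address and no NAT, as described earlier in the thread, every port this reports as exposed depends on the firewall alone.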
