Re: duqu




On 12/07/2011 08:17 AM, Stephen Harris wrote:
> On Wed, Dec 07, 2011 at 07:07:33AM -0500, Lamar Owen wrote:
>> On Tuesday, December 06, 2011 08:06:55 PM James A. Peltier wrote:
>>> [Changing the port #] is completely and utterly retarded.  You have
>>> done *NOTHING* to secure SSH by doing this.  You have instead made it
>>> only slightly, and I mean ever so slightly, more secure.  A simple port
>>> scan of your network would find it within seconds and start to utilize it.
>>
>> Simple port scans don't scan all 65,536 possible port numbers; those
>> scans are a bit too easy for IDS detection and mitigation.  Most scans
>> only scan common ports; the ssh brute-forcer I found in the wild only
>> scanned port 22; if it wasn't open, it went on to the next IP address.
> 
> In theory James is correct.  In practice Lamar appears to be.  About a
> year back I changed my ssh port and have not since seen password hack
> attempts, so the port scanners are definitely not pervasively scanning
> all ports.  (Not that they'd have logged in; but it was causing noise
> and annoyance in the logs)
> 
> Now the same wouldn't be true if I was managing firewalls for Chase or
> Bank Of America or Citi or HSBC; you can be sure that they're being 
> scanned on all ports and better not have external ssh connections open
> to the world!
> 

Right ... they need a reason to look somewhere else.  If they
specifically wanted that machine, they would scan all ports.  If they
are drive-by script kiddies, then if it is not on port 22 that will cut
down significantly on the drive-bys.

Lots of times, they look for a port 22 open to come back to later, etc.

So, Lamar is correct.  It does not do anything to prevent a determined
attack ... but it does greatly reduce the chance someone will randomly
pick your machine for an attack.
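Stephen measured the effect of moving the port by the drop in password attempts in his logs. The following is an added example, not code from anyone in this thread, that counts sshd "Failed password" events per source IP on constructed sample log lines, so the before/after noise can be measured rather than eyeballed:

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not taken from the thread); the
# format follows the usual syslog "Failed password for ..." message.
SAMPLE_LOG = """\
Dec  7 08:01:02 host sshd[2101]: Failed password for root from 198.51.100.7 port 51012 ssh2
Dec  7 08:01:04 host sshd[2101]: Failed password for root from 198.51.100.7 port 51013 ssh2
Dec  7 08:01:06 host sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51020 ssh2
Dec  7 08:02:10 host sshd[2110]: Failed password for alice from 203.0.113.9 port 40022 ssh2
Dec  7 08:02:30 host sshd[2112]: Accepted publickey for alice from 203.0.113.9 port 40030 ssh2
Dec  7 08:03:00 host sshd[2115]: Failed password for root from 198.51.100.7 port 51030 ssh2
"""

# Matches both "Failed password for <user>" and
# "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)


def failed_logins_by_source(log_text):
    """Count 'Failed password' events per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def brute_force_sources(log_text, threshold=3):
    """Return the source IPs with at least `threshold` failed password
    attempts: the log noise the thread is talking about."""
    counts = failed_logins_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_logins_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed password attempts")
    print("likely brute-force sources:", brute_force_sources(SAMPLE_LOG))
```

Run it over the real auth log for a day before and a day after the port change to see whether the drive-by traffic actually went away.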


_______________________________________________
CentOS mailing list
http://lists.centos.org/mailman/listinfo/centos
