Re: Stealthing Ports in system-config-securitylevel was: SSH brute force attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/28/05, Roger Grosswiler <roger@xxxxxxxx> wrote:
> >> Hi,
> >>
> >> Taking again the thread about the SSH brute force attacks, but with a
> >> question.
> >>
> >> We have a nice tool called system-config-securitylevel, why isn't it
> >> possible to indicate some ips or ranges there an click to "stealth" so,
> >> this port is just visible to the indicated ip-adresses??
> >>
> >> Roger
> >>
> >
> > Because it's a simple gui tool designed to be simple.
> >
> you're right at this point, it's adding a function more., but adding this function would not mean crashing usability
> of this tool, i think. It's just an senseful option more, that keeps EASY the users computers more secure - specially
> on servers.

You have to be able to parse things like did you want to NOT allow
127.0.0.1 to connect. Did you mean 204.121.0.0/32 and not
204.121.0.0/16.. it is not a trivial task to do right for the new
person. Or the fact that you put the -A INPUT -s 0.0.0.0/0 -j ACCEPT
before all your drops.

A tool that does this would be great, but I think its complexity would
be more than can be packaged simply into the installer :(. Even
putting this in an 'expert' section is more likely to shoot one in the
foot. [I have had to clean up more systems because the person thought
they had secured it and it was actually worse off.]

-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]