Breakin attempts

Patrick O'Callaghan pocallaghan at gmail.com
Wed Apr 21 22:33:23 UTC 2010


On Wed, 2010-04-21 at 11:26 -0700, Wolfgang S. Rupprecht wrote:
> g <geleem at bellsouth.net> writes:
> > Steve Blackwell wrote:
> > <snip>
> >> so it appears that someone was trying to break in to my machine.
> >
> > do you have 'ping reply' enabled on your cable modem?
> >
> > if so, i would suggest that you disable it so you are not visible.
> >
> > hth.
> 
> One should really point out that some icmp messages are vital to the
> correct operation of the network?  Many newbies seem to end up filtering
> out icmp-must-fragment in their zeal to stop all those evil icmp
> messages.  That messes up mtu-discovery and ends up causing some
> destinations to effectively be unreachable for large packets.
> 
> The core problem is to prevent someone from guessing users' passwords.
> You aren't going to achieve real security by hiding this or that
> attribute.  If you don't want to worry about your users choosing bad
> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
> for ssh and turn off all login types in sshd_config other than RSA2.
> That way any attacker has to correctly guess a 1k-bit computer generated
> number.  That will almost certainly be much more secure than any
> password users will choose.  Then you can look at the ssh log files and
> laugh.  The universe isn't going to last long enough for them to guess
> even a small fraction of the keys.

Although this is true, it doesn't stop denial-of-service attacks, while
not replying to Pings may go some way to do so by hiding the IP address
from the less sophisticated attacker. I'm just saying ...

poc
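
Added example, not part of the original message: a small audit of sshd_config text for the key-only setup suggested in the quoted reply, reporting any password-capable login method that is still on. It assumes OpenSSH's documented defaults and first-value-wins parsing; the function names and the sample config are constructed for illustration.

```python
# Added example: audit sshd_config text for password-capable logins.
# Assumes OpenSSH's documented defaults; Match blocks are scanned for
# overrides only, not evaluated against a real connection.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# ChallengeResponseAuthentication is the older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_CAPABLE = ("passwordauthentication", "kbdinteractiveauthentication")

SAMPLE = """\
# constructed sample, not taken from the thread
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Return (global_settings, match_overrides); the first value wins."""
    settings, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key=value" form
        if len(parts) < 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower()
        if key == "match":
            in_match = True          # everything after this is conditional
        elif in_match:
            overrides.append((key, value))
        else:
            settings.setdefault(key, value)  # later duplicates are ignored
    return settings, overrides

def audit(text):
    """List findings that leave a guessable-password login path open."""
    settings, overrides = parse_sshd_config(text)
    effective = {**DEFAULTS, **settings}
    findings = [f"{k} is enabled" for k in PASSWORD_CAPABLE
                if effective[k] == "yes"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    findings += [f"Match block re-enables {k}" for k, v in overrides
                 if k in PASSWORD_CAPABLE and v == "yes"]
    return findings
```

Calling `audit(SAMPLE)` reports the keyboard-interactive default and the Match-block override, even though the global `PasswordAuthentication no` line is the one that takes effect.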


