Questions concerning Security Log
Robert Spangler
bms at zoominternet.net
Sun Apr 10 02:07:04 UTC 2005
On Saturday 09 April 2005 20:13, Brian Gaynor wrote:
> > -----Original Message-----
> > I will agree that for a script kiddy this will work, but for someone who is
> > really trying to get in they will figure this out in a short time and then
> > you are no longer protected. The best bet is to move to an unknown port.
>
> I would disagree a bit. Denying access after a small number of
> unsuccessful logons effectively reduces the bandwidth of anyone attempting
> a brute force attack, script kiddie or pro. Changing ports may hide you
> from script kiddies but not from a pro.
Not so sure I would agree with this. If they are hammering you, then yes. But
if they watch their logs, they will see that after X attempts they are no
longer getting a reply, and then they could (at least I would) add time in between
requests. Sooner or later they will find the right time intervals and they
are back in business again.
Ex: you set a 5 attempts/5 minutes limit. They change their script to wait 61 sec
between attempts and they are back in business.
> In addition the need to support users of various skill levels and
> additional services that may rely on SSH (SFTP, SVN) and changing ports
> becomes a support mess.
This could all be configured.
> Probably the most secure is to use certificates, but this can be a
> headache if you have lots of users.
True
--
Regards
Robert
Smile... it increases your face value!
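The point argued above, that a lockout counting failures in one short window is sidestepped by spacing attempts out, can be checked against sshd auth-log lines. The following is an added example, not code from the thread: a sliding-window counter run with a short and a long window over constructed log lines (host name, source address 203.0.113.7 and the year 2005 are assumed), plus the spacing an attacker has to exceed to stay under a given rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Failed password" line sshd writes to the auth log (syslog timestamp, host, pid).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def parse_failures(lines, year=2005):
    """Yield (timestamp, source) for each failed-password line; any other line is skipped."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"]

def sources_over_threshold(lines, max_failures, window_seconds):
    """Sources that reach max_failures failed logons inside any sliding window of window_seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, src in parse_failures(lines):
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # age out old failures
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(src)
    return flagged

def min_evading_gap(max_failures, window_seconds):
    """Spacing (seconds) an attacker has to exceed so that no window ever holds max_failures
    attempts: max_failures attempts span max_failures-1 gaps, which must outlast the window."""
    return window_seconds / (max_failures - 1)

def constructed_failures(count, gap_seconds, src="203.0.113.7",
                         start=datetime(2005, 4, 10, 2, 0, 0)):
    """Constructed auth-log lines (not real traffic): one failure every gap_seconds from one source."""
    return [(start + timedelta(seconds=i * gap_seconds)).strftime("%b %d %H:%M:%S")
            + f" bastion sshd[{4000 + i}]: Failed password for root from {src} port {50000 + i} ssh2"
            for i in range(count)]

if __name__ == "__main__":
    slow = constructed_failures(60, 76)   # 76 s > 75 s, so a 5-in-300-s rule never fires
    print("5 failures / 5 min :", sources_over_threshold(slow, 5, 300))
    print("20 failures / 1 h  :", sources_over_threshold(slow, 20, 3600))
```

The same source that never trips the 5-in-5-minutes rule is flagged by the 20-in-an-hour rule, which is why a short lockout window is best paired with a longer-horizon count or an alert on repeated lockouts.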