[olug] attempted attacks

Eric Lusk wyrmzr72 at yahoo.com
Tue Mar 8 18:27:09 UTC 2005


I already have all unnecessary services disabled
and/or firewalled, really only running http and ssh. 
This alone should significantly improve the overall
security.  No one has admin access except me, and then
no administrator can log in remotely; they have to log
in as a user and then su from there.  So I'm already
pretty tight.  At this point, I even set user
passwords, and inform the user when I change them.
Yes, I AM anal retentive. :)
Bottom line, I may add in some additional steps to
keep people out, but with how I'm set up, it sounds
like I'm pretty safe (obviously safer than many users,
who would already have had their system broken into by
this bot).
I'm just thinking about getting MORE anal than I am,
knowing security is not optional, it's necessary.
--- Sean Kelly <smkelly at zombie.org> wrote:
> On Tue, Mar 08, 2005 at 09:26:41AM -0800, Eric Lusk wrote:
> > yeah, I'm checking into several possibilities; just
> > have the inability to log in as root, and setting a
> > limit on login attempts is enough to deter most
> > automated systems, at least.
> > Anyone doing the attempts live is really bored.  I'll
> > change usernames to non-standard names, I noticed the
> > attempts were using common names to log in, like adam,
> > etc.  So even adding numbers or using hackerspeak on
> > usernames will greatly reduce the chance of an
> > automated system getting in.  That, and making sure no
> > one is using anything like a real word for a password.
> >  (if you can guess my password, and then su as root, I
> > must simply congratulate you).
> 
> Forcing users to change usernames and learning how to use SSH on a
> non-standard port is not always a good solution. Security through obscurity
> is only a weak form of covering one's ass.
> 
> The real trick is to deploy secure systems that use secure products with
> secure authentication. Noticing the pattern? "Secure."
> 
> Depending on the skill level of the users on the machine, you might
> consider using keys as an alternative to forcing username changes. In the
> FreeBSD cluster, we're required to send admins@ a SSH public key, and then
> we use that key and the associated passphrase to login to any machine in
> the cluster. Standard passwords are not supported. As users, we can change
> our key once logged in by uploading a new one, or we can e-mail a new one
> to admins@ with sufficient proof of who we are.
> 
> As some others have already covered, you may also consider the use of a
> firewall. On several of my machines, I maintain an ACL with lists of IPs
> and netmasks for each user on the system. Only matching IPs can access some
> services on the machines.
> 
> Another approach is to ignore it. Yes, ignore it. Shut down all the
> services you don't really need (finger, RPCs, FTP, telnet, ...). Secure the
> ones you do need either via SSH tunnelling with keys, firewall, or just by
> using decent software and being fairly diligent at keeping it up to date.
> Then, just ignore all the noise in syslog from automated crap banging on
> your machine.
> 
> -- 
> Sean Kelly         | PGP KeyID: D2E5E296
> smkelly at zombie.org | http://www.zombie.org
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
> 

http://www.ericshaus.com
Alcohol and Calculus don't mix.  Never drink and derive.
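The thread above boils down to a handful of sshd_config settings: no direct root login, a cap on authentication attempts, keys instead of guessable passwords, and an explicit list of accounts allowed in. Below is an added example (not part of the original post or of any poster's setup) that parses an sshd_config the way sshd does (first occurrence of a keyword wins, Match blocks are conditional) and reports which of those points a configuration misses. The two embedded configs are constructed for the example; the MaxAuthTries threshold of 3 and the AllowUsers names are assumptions.

```python
"""Audit an sshd_config for the hardening points discussed in the thread.

Added example; the sample configs below are constructed, not taken from any real host.
"""
import re

# keyword -> (acceptable values, unset is acceptable?, reason).
# unset_ok is True where OpenSSH's own default is already the safe value
# (PubkeyAuthentication yes, PermitEmptyPasswords no); PermitRootLogin and
# PasswordAuthentication defaults have varied across versions, so an unset
# key is flagged for explicit review.
CHECKS = {
    "permitrootlogin": ({"no"}, False, "root must log in as a user and su, never directly over SSH"),
    "passwordauthentication": ({"no"}, False, "use keys instead of guessable passwords"),
    "pubkeyauthentication": ({"yes"}, True, "public-key login must stay enabled once passwords are off"),
    "permitemptypasswords": ({"no"}, True, "an empty password is a free login for automated guessers"),
}
MAX_AUTH_TRIES = 3   # assumed threshold for this example; OpenSSH's default is 6


def parse_sshd_config(text):
    """Return {keyword_lower: value_lower} for the global section.

    Mirrors sshd's rules: keywords are case-insensitive, 'Key value' and
    'Key=value' are both accepted, and for each keyword the FIRST value wins.
    Everything after a 'Match' line is conditional and is skipped here.
    """
    settings = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        settings.setdefault(key, value)   # first occurrence wins, later ones are ignored
    return settings


def audit(text):
    """Return a sorted list of (keyword, observed value, reason) findings."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (ok_values, unset_ok, reason) in CHECKS.items():
        if key not in settings:
            if not unset_ok:
                findings.append((key, "<unset>", reason))
            continue
        if settings[key] not in ok_values:
            findings.append((key, settings[key], reason))
    tries = settings.get("maxauthtries", "6")   # OpenSSH default when unset
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(("maxauthtries", tries, f"cap guesses per connection at {MAX_AUTH_TRIES}"))
    if "allowusers" not in settings and "allowgroups" not in settings:
        findings.append(("allowusers", "<unset>", "list the accounts permitted over SSH explicitly"))
    return sorted(findings)


# Constructed sample: a stock-looking configuration before any hardening.
WEAK_CONFIG = """
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed sample: the same host after applying the thread's advice.
# The second PermitRootLogin line is deliberate: sshd keeps the first value,
# so a stray later "yes" does not reopen root login (and the parser agrees).
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers eric sean
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}] {len(audit(cfg))} finding(s)")
        for key, observed, reason in audit(cfg):
            print(f"  {key} = {observed}: {reason}")
```

Running it against a real host is `python3 audit_sshd.py < /etc/ssh/sshd_config` after swapping the constructed strings for `sys.stdin.read()`; the check is a review aid only, since sshd's effective configuration is best confirmed with `sshd -T`, which already resolves defaults and Match blocks.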
