On Wed, 2007-10-03 at 19:13 -0700, Tod Merley wrote: > Hi Patrick and all! > > Someday, Lord willing, I would like to set up a lot of standard ports > to go to a "honey pot - virtual area" on my systems. I would love to > be able to let the attacker do his thing in a safe environment which > allows me to gather all the information about him and his ways that I > can. > > Then, I would love to be able to automatically report all of this good > information to the security community almost as fast as it occurs. > The thought of some agents knocking on the attacker's door as he > continues an attack makes me smile. > > To a great future fellows! > > Tod > > On 10/3/07, Patrick <flymooney@xxxxxxxxx> wrote: > > Steve Siegfried wrote: > > > > > Changing ports for ssh isn't actually that hot of an idea. Most port scanners > > > can detect ssh implementations since they normally self-identify. For example, > > > if you're running ssh on the normal port (22), try executing: > > > /usr/bin/telnet YOUR.HOST.IP.ADDR 22 > > > and see what pops out. > > > > > > Hope this helps'idly, > > > > > > -S > > > > Changing SSH ports on my server yielded a 100% drop (yes...100%) in > > routine script attacks. I still have the usual people checking for > > phpMyAdmin stuff as well as the others, but nothing comes through on SSH > > now. And yes, when I did it I heard the whole "security through > > obscurity is not security" BS but the results cannot be argued with. In > > summation, CHANGE YOUR SSH PORT. It will work and cut down if not > > eliminate the script kiddies. Then when someone really starts knocking > > on your SSH door, it will not be lost in all of the "noise" from the > > scripters. > > > > Patrick > > > > > > -- > > fedora-list mailing list > > fedora-list@xxxxxxxxxx > > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > > > http://project.honeynet.org/ :) Calin ================================================= "Nuclear war would really set back cable." - Ted Turner
