Re: Breakin attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



g <geleem@xxxxxxxxxxxxx> writes:
> Steve Blackwell wrote:
> <snip>
>> so it appears that someone was trying to break in to my machine.
>
> do you have 'ping reply' enabled on your cable modem?
>
> if so, i would suggest that you disable it so you are not visible.
>
> hth.

One should really point out that some icmp messages are vital to the
correct operation of the network?  Many newbies seem to end up filtering
out icmp-must-fragment in their zeal to stop all those evil icmp
messages.  That messes up mtu-discovery and ends up causing some
destinations to effectively be unreachable for large packets.

The core problem is to prevent someone from guessing users' passwords.
You aren't going to achieve real security by hiding this or that
attribute.  If you don't want to worry about your users chosing bad
non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
for ssh and turn off all login types in sshd_config other than RSA2.
That way any attacker has to correctly guess a 1k-bit computer generated
number.  That will almost certainly be much more secure than any
password users will chose.  Then you can look at the ssh log files and
laugh.  The universe isn't going to last long enough for them to guess
even a small fraction of the keys.

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux