Re: Breakin attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2010-04-21 at 11:26 -0700, Wolfgang S. Rupprecht wrote:
> g <geleem@xxxxxxxxxxxxx> writes:
> > Steve Blackwell wrote:
> > <snip>
> >> so it appears that someone was trying to break in to my machine.
> >
> > do you have 'ping reply' enabled on your cable modem?
> >
> > if so, i would suggest that you disable it so you are not visible.
> >
> > hth.
> 
> One should really point out that some icmp messages are vital to the
> correct operation of the network?  Many newbies seem to end up filtering
> out icmp-must-fragment in their zeal to stop all those evil icmp
> messages.  That messes up mtu-discovery and ends up causing some
> destinations to effectively be unreachable for large packets.
> 
> The core problem is to prevent someone from guessing users' passwords.
> You aren't going to achieve real security by hiding this or that
> attribute.  If you don't want to worry about your users chosing bad
> non-random passwords, don't let them.  Force them to use a 1k-2k RSA key
> for ssh and turn off all login types in sshd_config other than RSA2.
> That way any attacker has to correctly guess a 1k-bit computer generated
> number.  That will almost certainly be much more secure than any
> password users will chose.  Then you can look at the ssh log files and
> laugh.  The universe isn't going to last long enough for them to guess
> even a small fraction of the keys.

Although this is true, it doesn't stop denial-of-service attacks, while
not replying to Pings may go some way to do so by hiding the IP address
from the less sophisticated attacker. I'm just saying ...

poc

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux