[clug] Starting k/ubuntu - Debian
michael.cohen at netspeed.com.au
Mon May 14 23:35:34 GMT 2007
On Tue, May 15, 2007 at 08:30:10AM +1000, Craig Small wrote:
> I recall, a long time ago, that some vulnerabilities could still get hit
> even with this, as there is still some code run from the accept() call
> to the bit where you are checking the access control.
Thats true, but its a very small amount of code.
> If you have something like that, why have the port open for exploitation
> in the first place? I also find moving the ssh port greatly reduces the
> number of automatic worms that try things. OK, it's not going to stop
> someone deliberately targeting me, but the worms just try port 22 for
> ssh attacks.
Moving the port is a PITA for people trying to use it, and it doesnt really do
that much to enhance your secuirity because a simple port scan will find it. If
you want to make your daemon invisible to unauthorised users use port knocking.
Its probably also worth mentioning at this point /etc/security/access.conf
which can specifiy which account is allowed to log in from where (or not at
all). This way you can have no users allowed to log in at all except one or two
users. Also important is to disable password logins and only use keys - which
will stop all those password grinding kiddies.
More information about the linux