IP Banning (Using IPFW)
ldrada at gmail.com
Thu Feb 9 04:05:57 PST 2006
On 2/9/06, Chris <chrcoluk at gmail.com> wrote:
> On 07/02/06, David Scheidt <dscheidt at panix.com> wrote:
> > On Tue, Feb 07, 2006 at 12:40:22AM +0200, Atis wrote:
> > > On Sun, 5 Feb 2006 18:55:13 -0500
> > > David Scheidt <dscheidt at panix.com> wrote:
> > >
> > > >
> > > > Nonsense. There may be some people that only scan well-known ports,
> > > > but it's much more common to scan every port on a machine. If you're
> > > > running a server on a non-standard port, an attacker will find it.
> > > >
> > >
> > > sure, but 99% of the time the machines attacking your server are zombies
> > > that do not care to do a full portscan. i suppose the purpose is to
> > > find other misconfigured, easy-to-hack computers on the network. by
> > > putting your services on non-standard ports you get rid of these
> > > mindless drones and don't pollute log files with useless garbage.
> > >
> > > now if somebody _does_ actually target your server in particular then
> > > this is definitely not the solution.
> > >
> > > anywayz, putting things on non-standard ports helps a lot, and is
> > > one of the first and easiest security measures an administrator
> > > may consider.
> > >
> > Taking your clothes off and painting yourself blue is also one of the
> > first and easiest security measures to consider. It's even more
> > effective, too. I know of no machine that's been cracked that had a
> > wheel naked and painted blue. I've seen lots running standard
> > services on non-standard ports.
> > Security through obscurity doesn't work, it makes tracking down
> > other problems harder, and creates work to maintain non-standard
> > configurations.
> I understand his point, I see 2 types of problems we have to deal with. The
> thousands of drones that scan for boxes that are vulnerable to a specific
> exploit, they will often scan ip ranges on a specific port and if its open
> see if its vulnerable. For these types of intruders chnging ports is very
> effective since you would simply be skipped past on their scan, for most of
> us 99% of attempted intrusions are zombie based or some script a kid has
> downloaded of the web.
> The argument against changing ports is of course when you have a persistent
> hacker who wants in, he will of course scan all the ports and find the
> service and this type of protection is nullified. In this scenario if you
> havent taken additional measures to secure the box then you may be in
> I personally move things like sshd of its normal port simply to stop my logs
> been flooded with brute force logins and since I am the only one who uses
> ssh there is no downside to it, I of course dont rely on this alone and keep
> my software up to date amongst other security measures it is simply an extra
> layer of skin on the onion. For things like httpd I keep on port 80 as I
> think moving the port of that is more hassle then its worth.
I've seen someone mention how to move httpd to a non-reserved port (ie
8080), and let that change be transparent for the end-user by using
ipf. I dont know how, though.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions