SV: Breakin attempt

Hasse Hansson fbsd at thorshammare.org
Sun Oct 23 15:03:22 UTC 2011



-----Original message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On behalf of Bill Tillman
Sent: 23 October 2011 13:56
To: Bruce Cran; Polytropon
Cc: freebsd-questions at freebsd.org
Subject: Re: Breakin attempt





________________________________
From: Bruce Cran <bruce at cran.org.uk>
To: Polytropon <freebsd at edvax.de>
Cc: freebsd-questions at freebsd.org
Sent: Saturday, October 22, 2011 10:37 AM
Subject: Re: Breakin attempt


On 22 Oct 2011, at 15:12, Polytropon wrote:

> On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
>> I suspect that these sorts of attacks are fairly normal if you're 
>> running ssh on the standard port. I used to have lots of 'break-in 
>> attempts' before I moved the ssh server to a different port.
> 
> Is there _any_ reason why moving from port 22 to something
> different is _not_ a solution?

If you run some sort of shell server, or where many people need to login
using ssh, you'll have a bit of a support problem telling people to select
the non-default port. Also, some might consider it security through
obscurity, which is often said to be a bad thing.

-- 
Bruce Cran

_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

I agree. I run ssh on a different port and some hackers, usually from
the Far East, still detect it and try to gain access. It happens all the
time. Remember there is a big difference between a break-in and an attempted
break-in. It is a sad state of affairs that so much effort and energy and
high IQ thinking is spent on security these days. If we could just channel
all that energy into something more useful.

The point about giving so many others ssh logins is something I cringe on as
well. I realize it's useful and needed, but there is a real myth out there
that hackers are overwhelmingly intelligent and must be highly skilled to
hack into someone's system. I think if you were to examine the real numbers
you'd find the vast majority of break-ins come from someone who either has a
login username and password, bought or stole a username and password or
overheard someone talking about their username and password. There are of
course exceptions but the media and hype about all these intelligent hackers
is just overblown. Loose lips sink ships. And as soon as more than one
person knows a secret...it's no longer a secret.

----------------------------------------------------------------------------
Thanks all for responding and contributing to my post.
For the moment, "all quiet on the eastern front" 
I followed the advice I got, changed the ssh port, and it drastically
reduced the noise in my log files.

My guess, it was some kind of "bots" probing. Lots of resources down the
drain.
It really would be nice to set up some kind of "tarpit" to slow down them
suckers a bit.
I have a faint memory of seeing some suggestions of doing that with a "queue"
rule or something in PF.
Have to "google" a bit and look into it.

The good thing, it made me scrutinize my security settings and fix things I
should have fixed a long time ago.
As said before, this server is running just for pleasure and educational
purposes, so I'm free to do any changes or experiments I please.

All the best
Hasse
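
Added example, not part of the original thread: a small Python triage of sshd log lines that separates the attempted break-ins discussed above from a password login accepted after repeated failures from the same source. The log lines are constructed samples in the common sshd message format, and the names `triage` and `min_failures` are assumptions made for this illustration.

```python
import re

# Constructed sample lines in the style of sshd entries in /var/log/auth.log.
SAMPLE_LOG = """\
Oct 22 14:01:10 host sshd[1201]: Invalid user admin from 203.0.113.7
Oct 22 14:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Oct 22 14:01:15 host sshd[1204]: Failed password for root from 203.0.113.7 port 40120 ssh2
Oct 22 14:02:40 host sshd[1210]: Failed password for alice from 198.51.100.23 port 51500 ssh2
Oct 22 14:02:55 host sshd[1212]: Failed password for alice from 198.51.100.23 port 51502 ssh2
Oct 22 14:03:05 host sshd[1215]: Accepted password for alice from 198.51.100.23 port 51510 ssh2
Oct 22 14:10:00 host sshd[1300]: Accepted publickey for bob from 192.0.2.44 port 60000 ssh2
"""

# Matches both outcomes of an authentication attempt and captures the source.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def triage(log_text, min_failures=2):
    """Return (failures per source, suspicious accepted logins).

    A login is flagged when a password was accepted from a source that had
    already failed at least `min_failures` times earlier in the log. Plain
    failures are only counted: they are attempts, not break-ins.
    """
    failures = {}
    suspicious = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an authentication result line
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] = failures.get(src, 0) + 1
        elif m["method"] == "password" and failures.get(src, 0) >= min_failures:
            suspicious.append((src, m["user"], failures[src]))
    return failures, suspicious


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for src, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{n:4d} failed attempts from {src}")
    for src, user, n in flagged:
        print(f"REVIEW: password accepted for {user} from {src} after {n} failures")
```

The flagged entry is a lead to check with the account owner, since a legitimate user who mistyped a password produces the same pattern.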


