1 |
defence in depth: They know that a system running ssh resides at this |
2 |
address so they can move onto probing for other weaknesses, you have |
3 |
already identified them as probing for a known vulnerability - so why |
4 |
take a chance that the next probe they do will hit on an unpatched, |
5 |
unknown hole? And as far as ssh goes, if they can try one password, |
6 |
they can try more and may get "lucky". |
7 |
|
8 |
They have been identified, dont let them keep on trying each door handle |
9 |
or window looking for any left unlocked. |
10 |
|
11 |
Lastly, are you absolutely, without qualification sure that you, or |
12 |
another user has not (even accidentally) run an app that is leaving the |
13 |
system vulnerable, that all passwords are 100% secure and unguessable, |
14 |
or that you have patched all known or *unknown* holes ... |
15 |
|
16 |
I thought not! |
17 |
|
18 |
BillK |
19 |
|
20 |
On Mon, 2005-10-10 at 12:55 +0800, Taka John Brunkhorst wrote: |
21 |
> nice but why do we need to block them? |
22 |
> ssh worms? or just lamers? |
23 |
> |
24 |
> -- |
25 |
> antiwmac@×××××.com |
26 |
> Taka John Brunkhorst |
27 |
-- |
28 |
gentoo-security@g.o mailing list |