On Mon, 2005-10-10 at 12:55 +0800, Taka John Brunkhorst wrote:

> nice but why do we need to block them?
> ssh worms? or just lamers?

I can shed light on this:

The current Linux threat seems to be minimal and consists of ssh probes
followed by brute-force ssh guessing. This is a minor threat; however, we
are currently living in fortunate times. Certain regions in Asia are
out of control and ISPs cannot manage their networks. Our concern is
not the present but the future when times might not be so pleasant.
Everyone remembers the SSH vulnerabilities that had no workaround other
than hiding that (sshd) service the best you could. I think we are
concerned about the future when there are no workarounds for servers we
rely on.

To be honest, my ISP, which is Speakeasy, is the worst ISP in America from
my experience when dealing with hackers. The abuse team at that ISP is
terrible, rude and inefficient and they are aware of it (however the
quality and technical support of Speakeasy lines has been excellent for
me). America, as well as any other region in the world, has its
problems; however, there are hot spots. There are sketchy reports
concerning China encouraging this behavior.

It's now a viable solution to reject these packets from your home if you're
not interested in them. The penalty for doing this is adding about 300
to 1,000 rules to your kernel iptables. I have to admit censorship
against a country like China who censors their Internet (on a brilliant
level) is anti-moral to me but I'm concerned about my future.

Brian

>
> --
> antiwmac@×××××.com
> Taka John Brunkhorst

Brian Micek