| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
jongust@×××××××××.net wrote: |
| 5 |
|
| 6 |
| Would a tcp-wrapper block this worm from infecting a system? |
| 7 |
|
| 8 |
You could block it with iptables, by restricting allowed domains in your |
| 9 |
sshd_config, or by turning off password logins in sshd_config |
| 10 |
(restricting to public key). You could presumably limit allowed login |
| 11 |
addresses with tcpwrappers if none of the above methods of doing the |
| 12 |
exact same thing appeal to you ;) |
| 13 |
|
| 14 |
The thing is, some of these fixes may not be acceptible to all |
| 15 |
installations (for instance, I run a server in which users can log in |
| 16 |
from anywhere, which nixes restricting source addresses, and on which |
| 17 |
many users are clueless about public key authentication, which nixes |
| 18 |
that). However, in all honesty, I'm just not that concerned about this. |
| 19 |
If it's not even trying real usernames, what's the risk? Root login is |
| 20 |
disabled, and I have no guest, admin, etc accounts. Brute forcing over |
| 21 |
ssh isn't even a huge risk anyway, since it takes nearly half a second |
| 22 |
to try each password, and after three passwords the server disconnects |
| 23 |
(and there is a limit on max unauthenticated connections). At that rate, |
| 24 |
brute forcing a random 7 character password would take centuries. |
| 25 |
|
| 26 |
I don't know how this is really even a risk. Brute forcing is a known |
| 27 |
risk we all should have considered before. Seeing a (particularly |
| 28 |
clumsy) attempt at it in the wild just comforts me that at least some of |
| 29 |
the people out there trying to break into my server are complete and |
| 30 |
total idiots. |
| 31 |
- -- |
| 32 |
Dan ("KrispyKringle") |
| 33 |
Gentoo Linux Security Coordinator |
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
Version: GnuPG v1.2.4 (Darwin) |
| 36 |
|
| 37 |
iQEVAwUBQQfHAbDO2aFJ9pv2AQIGRwgAuyWoy7mAzaCPbfEN3x0Nddw0L+7cKpU7 |
| 38 |
kqb54zrxY6ZiJ6HgEPjxIesOG1dhSx4kfkIGR4+0VxBEtQN7Vg53O9QY/4HfOAmg |
| 39 |
4WtKLmoP/05PyzGhfsN+OgLpkoXAbHFD7IJviNKSj29uIu0ywrDIDNT5zZCc0cWy |
| 40 |
08s31bbfdEXSCXej9brTj4/cB29Wior82IW6Je8hua7iPxR23WHOZs1ece8d8qXA |
| 41 |
kmQ21bYd7D07uwEub8UBECeB7fBzII5ZXqln0/RKO1w5c9TuReY/TOR6IIHUf2oo |
| 42 |
V8s/y2EbEBL6Se2lVNJvdwY0NYILANtV6q7RkN0BU3koz+k/huZn0A== |
| 43 |
=9mo2 |
| 44 |
-----END PGP SIGNATURE----- |
| 45 |
|
| 46 |
-- |
| 47 |
gentoo-security@g.o mailing list |
Archives