jongust@×××××××××.net wrote:

| Would a tcp-wrapper block this worm from infecting a system?

You could block it with iptables, by restricting allowed domains in your
sshd_config, or by turning off password logins in sshd_config
(restricting to public key). You could presumably limit allowed login
addresses with tcpwrappers if none of the above methods of doing the
exact same thing appeal to you ;)

The thing is, some of these fixes may not be acceptable to all
installations (for instance, I run a server in which users can log in
from anywhere, which nixes restricting source addresses, and on which
many users are clueless about public key authentication, which nixes
that). However, in all honesty, I'm just not that concerned about this.
If it's not even trying real usernames, what's the risk? Root login is
disabled, and I have no guest, admin, etc. accounts. Brute forcing over
ssh isn't even a huge risk anyway, since it takes nearly half a second
to try each password, and after three passwords the server disconnects
(and there is a limit on max unauthenticated connections). At that rate,
brute forcing a random 7 character password would take centuries.

I don't know how this is really even a risk. Brute forcing is a known
risk we all should have considered before. Seeing a (particularly
clumsy) attempt at it in the wild just comforts me that at least some of
the people out there trying to break into my server are complete and
total idiots.
-- 
Dan ("KrispyKringle")
Gentoo Linux Security Coordinator

-- 
gentoo-security@g.o mailing list
gentoo-security@g.o mailing list |