<br><div class="gmail_quote">On Tue, May 13, 2008 at 1:57 PM, Tim Wilson <<a href="mailto:tim_linux@wilson-home.com">tim_linux@wilson-home.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
That's what I thought, until I got hacked 6 years ago. Granted, I did have an older ssh, but at the time, it wasn't that old. Now, at the firewall level I only allow a certain range of IP addresses access to port 22. ...<div>
<div></div><div class="Wj3C7c"></div></div></blockquote><div><br>I like what Linus Torvalds does: no (externally initiated) incoming connections (to his home) at all. No SSH, no HTTP, no HTTPS, no GIT, no nothing. Obviously, it's not ideal if you're running a web page from your house. ;-)<br>
<br>Another 'solution' is to use a port-knock daemon. But don't confuse this for real security. Similar to moving the port number, it's just going to lower the traffic on your line. It's not going to keep someone out who knows how to monitor your network traffic (or how to get a hold of your ISP's network traffic logs with a candy-bar or baseball bat).<br>
<br>If you let connections in, there's risk. And there's no substitute for using the latest stable software and knowing how to configure it.<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div class="Wj3C7c"><br>
<br><div class="gmail_quote">On Tue, May 13, 2008 at 1:38 PM, Daniel A. Ramaley <<a href="mailto:daniel.ramaley@drake.edu" target="_blank">daniel.ramaley@drake.edu</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>On Tuesday 13 May 2008 12:53, Josh More wrote:<br><br></div></blockquote></div></div></div></blockquote><div> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div class="Wj3C7c"><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">... dictionary attacks. Have those<br>
*ever* worked? I've not personally encountered a system so insecure a<br>
dictionary attack would work against it...<br>
</blockquote></div></div></div></blockquote><div><br>I have. We had a client who consistently set up their usernames and passwords to be the same no matter how much we warned them. No surprise, they got nailed by a dictionary attack. (Clearly, our expectations were out of sync with reality, and we should have provided a different administration model.) <br>
<br>If those attacks are happening, lots of people are being exploited.<br><br><br>Chris</div></div>