On Wed, Nov 26, 2008 at 2:43 PM, Tatsuo Ishii [EMAIL PROTECTED] wrote:
Today I noticed I cannot login to cvs.pgfoundry.org anymore since the
IP address has been changed am asked password which seems to be
changed. So I cannot use CVS any more. Does anybody why this happens
and how to fix it?
On Wed, 26 Nov 2008, Dave Page wrote:
It's the same IP address - but try port 35 for ssh. Marc changed it
(temporarily) due to a vast number of malicious connection attempts.
Why wasn't this change communicated to anyone, not even gforge-admins?
How temporary is temporary?
Kris Jurka
Kris Jurka wrote:
On Wed, 26 Nov 2008, Dave Page wrote:
It's the same IP address - but try port 35 for ssh. Marc changed it
(temporarily) due to a vast number of malicious connection attempts.
Why wasn't this change communicated to anyone, not even gforge-admins?
How temporary is
On Wed, 26 Nov 2008, Steve Crawford wrote:
Obscurity should not be your *only* line of defense, but camouflage
helps as well. And even if it didn't, it still reduces server-load,
bandwidth and heaps of logfile cruft.
In order case, thankfully, there was minimal banwidth impact, but the
Steve Crawford wrote:
I have changed the external ssh port on all machines I administer. The
result is the complete elimination of the previous hundreds to thousands
of daily script-kiddie brute-force attempts I used to see.
+1
We have not used port 22 in our production network for
On Wed, Nov 26, 2008 at 10:51:23AM -0800, Steve Crawford wrote:
Kris Jurka wrote:
On Wed, 26 Nov 2008, Dave Page wrote:
It's the same IP address - but try port 35 for ssh. Marc changed
it (temporarily) due to a vast number of malicious connection
attempts.
Why wasn't this change
David Fetter wrote:
We should move to a port-knocking
http://dotancohen.com/howto/portknocking.html or other modern
strategy if we're going to move at all.
Yeah, but telling my firewall to move port 22 inside to port
outside took less time than writing this email. Inside the firewall
On Wed, 2008-11-26 at 13:57 -0800, Steve Crawford wrote:
David Fetter wrote:
We should move to a port-knocking
http://dotancohen.com/howto/portknocking.html or other modern
strategy if we're going to move at all.
Yeah, but telling my firewall to move port 22 inside to port
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --On Wednesday, November 26, 2008 14:00:59 -0800 Joshua D. Drake
[EMAIL PROTECTED] wrote:
Since were chatting :P. My vote would be to move everything back to port
22 and force key based auth only.
How does that work? Does that kill the
Marc G. Fournier wrote:
How would someone upload their key if they don't have access? Some sort of
web
interface? One wouldn't want to throw extra admin overhead if it can be
avoided ...
pgfoundry already has a web interface for uploading SSH keys.
--
Alvaro Herrera
Marc G. Fournier wrote:
Since were chatting :P. My vote would be to move everything back to port
22 and force key based auth only.
How does that work? Does that kill the script kiddies in their tracks? I'm
guessing so, but had never thought to try it ...
Depends on where the problem is.
On Wed, 2008-11-26 at 18:06 -0400, Marc G. Fournier wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Since were chatting :P. My vote would be to move everything back to port
22 and force key based auth only.
How does that work? Does that kill the script kiddies in their tracks? I'm
Joshua D. Drake wrote:
On Wed, 2008-11-26 at 18:06 -0400, Marc G. Fournier wrote:
Since were chatting :P. My vote would be to move everything back to port
22 and force key based auth only.
How does that work? Does that kill the script kiddies in their tracks? I'm
guessing so,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --On Wednesday, November 26, 2008 14:12:42 -0800 Joshua D. Drake
[EMAIL PROTECTED] wrote:
Well they can still talk to the port of course but its irrelevant
because unless they have an ssh key, they aren't getting in. Period.
Well, they
Marc G. Fournier [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] wrote:
Well they can still talk to the port of course but its irrelevant
because unless they have an ssh key, they aren't getting in. Period.
Well, they weren't getting in before ... i twas the massive flood of attempts
that was
Marc G. Fournier wrote:
- --On Wednesday, November 26, 2008 14:12:42 -0800 Joshua D. Drake
[EMAIL PROTECTED] wrote:
Well they can still talk to the port of course but its irrelevant
because unless they have an ssh key, they aren't getting in. Period.
Well, they weren't getting in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --On Wednesday, November 26, 2008 17:42:12 -0500 Tom Lane [EMAIL PROTECTED]
wrote:
Marc G. Fournier [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] wrote:
Well they can still talk to the port of course but its irrelevant
because unless they have
17 matches
Mail list logo
