> I had the system set up to allow http and ssh.
>
> The hack came in through ssh.

For those that aren't heavily involved with security topics, there have been many different approaches from many different IPs attempting to:

a) exploit known ssh holes, and,
b) ssh password guessing

We tend to watch these attempts rather closely through intrusion detection tools like snort. As consultants, we are also under retainers to assist other companies with securing their facilities and watching for exploits. The exploit attempts happen every single day.

There are multiple password guessing tools commonly available on the Internet. I eval'ed one of the tools and it took five seconds to guess a password that was five characters in length. It took an hour to guess a password that was eight characters, and around twenty-four hours to guess a password that was eight characters made up of uppercase, lowercase and non-alpha characters (e.g., complex). Regardless, the guessing process is simply how much time does one want to devote to doing it (e.g., what's the return value for spending the time exploiting a system).

It doesn't make much difference whether one exposes telnet or ssh. Both can be exploited. But, the more complex you make the password, the more time-consuming and difficult it is to guess it.

So, if you must expose either telnet or ssh, make your passwords very long and complex. If your O/S has the capability to lock out the account after 'xx' failed passwords, then do that. Automatically resetting the process after 'y' minutes disrupts the guessing process without the hacker knowing it, but still allows you access after that auto reset. Using something like seven failed attempts with a five minute reset is more than adequate in most cases.
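
The lockout policy suggested in the message above (seven failed attempts, five minute automatic reset), replayed over sshd log lines to show which attempts it would refuse. This is an added example, not part of the original post; the log lines are constructed, and the function names and outcome labels are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 7                    # "seven failed attempts"
RESET_AFTER = timedelta(minutes=5)  # "five minute reset"

# OpenSSH password-auth result lines as written to syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def replay(lines, year=2024):
    """Return (time, user, outcome) for each attempt under the lockout policy."""
    failures, locked_until, out = {}, {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password-auth result line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user = m["user"]
        if user in locked_until and ts >= locked_until[user]:
            del locked_until[user]       # automatic reset after 'y' minutes
            failures[user] = 0
        if user in locked_until:
            outcome = "rejected-locked"  # refused even if the password is right
        elif m["result"] == "Accepted":
            failures[user] = 0
            outcome = "accepted"
        else:
            failures[user] = failures.get(user, 0) + 1
            outcome = "failed"
            if failures[user] >= MAX_FAILURES:
                locked_until[user] = ts + RESET_AFTER
                outcome = "failed-now-locked"
        out.append((ts.strftime("%H:%M:%S"), user, outcome))
    return out

def sample_log():
    # Constructed input: nine guesses one second apart, a correct guess made
    # during the lockout, then the account owner logging in after the reset.
    fmt = "Mar 14 {t} host sshd[4242]: {r} password for root from {ip} port 50000 ssh2"
    lines = [fmt.format(t=f"10:00:{s:02d}", r="Failed", ip="203.0.113.7")
             for s in range(1, 10)]
    lines.append(fmt.format(t="10:00:10", r="Accepted", ip="203.0.113.7"))
    lines.append(fmt.format(t="10:05:08", r="Accepted", ip="198.51.100.2"))
    return lines

if __name__ == "__main__":
    for row in replay(sample_log()):
        print(*row)
```

The guesser sees the same failure response before and after the lock, so a correct guess at 10:00:10 is wasted, while the owner gets in again once the five minutes have passed.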
