You should really have a firewall that filters out most of these going
to the Internet. As a general rule, only open to the outside what is
required for access. That is the best default for security. There is an
application or option you can add to your Linux server that cuts off ssh
login attempts from an IP after so many attempts. I don't know what it
is at the moment but I saw it used. Works well.
I use OpenBSD and the pf firewall allows traffic to be directed to
specific servers. Hopefully the cracker robots can be cut off there as
well. I'll have to check that out. Strong passwords are one of your
best assets. I hear that OpenBSD runs Asterisk well also, if you don't
need card drivers. That might be a nice two-in-one box.
Peter M.
D. Hugh Redelmeier wrote:
I regularly get attacks against my sshd. I can hear them (the disk
makes a fairly distinctive noise). They occur infrequently enough
that I still investigate some of them (unlike SPAM).
I just got an sshd attack from 212.109.44.99 (reverses to
voice-telecom.sovam.net.ua but this name does not resolve). Further
investigation shows that this is an [EMAIL PROTECTED] box in the Ukraine.
It even seems to be still running asterisk -- the web interface seems
to work.
Perhaps this indicates that there is an out-of-box vulnerability in
[EMAIL PROTECTED] Perhaps not.
nmap shows:
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
111/tcp open sunrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
899/tcp open unknown
2000/tcp open callbook
3306/tcp open mysql
Is it normal to leave all these ports open to the internet on an
asterisk box? In particular, is mysql secure this way? How about
sunrpc?
--
Peter L. MacFarlane, ACP
C & P Consulting 2000
Charlottetown PEI
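
Added example, not part of the original messages: a sketch of the kind of check the reply describes, cutting off an IP after so many failed ssh logins. It assumes OpenSSH's usual "Failed password" syslog lines in chronological order; the log lines, addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation address ranges, hypothetical host "pbx").
SAMPLE_LOG = """\
Mar 12 03:14:01 pbx sshd[4101]: Failed password for root from 192.0.2.77 port 40112 ssh2
Mar 12 03:14:03 pbx sshd[4103]: Failed password for invalid user admin from 192.0.2.77 port 40120 ssh2
Mar 12 03:14:04 pbx sshd[4104]: Accepted publickey for alice from 198.51.100.5 port 51200 ssh2
Mar 12 03:14:06 pbx sshd[4106]: Failed password for invalid user test from 192.0.2.77 port 40131 ssh2
Mar 12 03:20:00 pbx sshd[4200]: Failed password for alice from 198.51.100.5 port 51311 ssh2
Mar 12 09:45:10 pbx sshd[5100]: Failed password for alice from 198.51.100.5 port 51999 ssh2
Mar 12 16:02:30 pbx sshd[6100]: Failed password for alice from 198.51.100.5 port 52444 ssh2
""".splitlines()

# Timestamp and source address of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2024):
    """Return {ip: time the threshold was crossed} for every source that logs
    max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked:
            continue  # already over the limit, nothing more to count
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:
            times.popleft()  # forget failures older than the window
        if len(times) >= max_failures:
            blocked[ip] = when
    return blocked

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the limit at {when}; add it to the firewall block table")
```

The legitimate user who mistypes a password three times over a day stays under the limit because the failures never fall inside one window.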