On December 2, 2011, Royce Souther wrote:
> If you watch TechSNAP it has more information.
> http://www.jupiterbroadcasting.com/14561/allans-zfs-server-build-techsnap-34/
>
> PKI may not be enough, I am thinking that port knocking to restrict access
> to port 22 is a good idea now.

I believe the exploits were not 0-day, but rather a brute force attack using the root account. As Gustin pointed out, the versions were very, very old, and should have been patched. Additionally, setting "PermitRootLogin no" in sshd_config would have been a good thing. Also, some sort of HIDS like ossec (http://www.ossec.net). It has an active-response which will block the IPs using iptables from brute force attacks detected.

Andy
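The kind of detection the reply above expects from a HIDS, sketched as an added example that is not part of the original message and is not OSSEC's own rule logic: it counts failed root password logins per source address inside a sliding time window. The log lines, host name, threshold, window and function name are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation IPs, made-up host name).
SAMPLE_LOG = """\
Dec  2 03:14:01 web1 sshd[4101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec  2 03:14:03 web1 sshd[4102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Dec  2 03:14:04 web1 sshd[4103]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Dec  2 03:14:06 web1 sshd[4104]: Failed password for root from 203.0.113.5 port 40003 ssh2
Dec  2 03:14:09 web1 sshd[4105]: Failed password for root from 203.0.113.5 port 40004 ssh2
Dec  2 03:20:00 web1 sshd[4110]: Failed password for root from 192.0.2.44 port 60000 ssh2
Dec  2 03:55:00 web1 sshd[4111]: Failed password for root from 192.0.2.44 port 60001 ssh2
Dec  2 04:00:00 web1 sshd[4120]: Accepted publickey for andy from 192.0.2.10 port 50022 ssh2
"""

FAILED_ROOT = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for root from (\S+) port \d+"
)

def root_bruteforce_sources(log_text, threshold=4, window_s=60, year=2011):
    """Return source IPs with >= threshold failed root logins inside window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = FAILED_ROOT.match(line)
        if not m:
            continue  # other users, successful logins, unrelated daemons
        stamp = " ".join(m.group(1).split())  # collapse syslog's padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.append(ip)         # candidate for an iptables block
    return flagged

if __name__ == "__main__":
    for ip in root_bruteforce_sources(SAMPLE_LOG):
        print("would block:", ip)
```

With "PermitRootLogin no" set, these attempts still appear in the log but can never succeed, so the detection remains useful as a signal for blocking the source.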

