On Wednesday 15 March 2006 11:06, Goswin von Brederlow wrote:
> He's trying to solve that a tcp connect to port 22 establishes a
> connection and thereby reveals that the server is running an sshd and
> attacking it makes sense.
>
> His idea is to add a 100% non-responsive knocking (using udp) before
> the actual ssh handshake so unauthorized clients can't even determine
> that sshd is running. Not that I find that useful, but that's the idea.
Thank you! You stated it in simple terms that escaped me.

If the only brute-force attempts come from a single address, then simpler methods of detecting and blocking such attempts may be adequate. If one is quite satisfied leaving the barn door wide open while having an obviously secure lock on the door of the stall holding his prized thoroughbred, then no extra security is needed.

For me, putting an obvious, very visible lock on the stall door is not sufficient; I'd like to obscure all of the stall doors so that the good locks aren't obvious, and secure the barn itself. I wouldn't put up flags and banners crying out to all passers-by that I may have something valuable inside. I want thieves to think, "There's nothing here worth stealing; I'll keep going to the next place" while they are still on the road passing by.

Considering that many miscreants have 'armies' of cracked Windows computers they control remotely, many concerted attacks won't necessarily come from one IP or one network. Concerted spam attacks don't come from a single source. DDoS attacks don't come from a single source.

If shooing the intruder away after he's been picking away at your system for a while is good enough for you, then good. You don't need anything else. But I think there are plenty of others who, like me, don't want to give miscreants any reason to stop and pick away at all. We want them to stay on the road and pass right by. And we want to be ready for them if they do happen to stop.

Neal
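The "100% non-responsive knock" described in the quoted text, as an added example that is not code from anyone in this thread. It assumes a shared secret, a single 48-byte UDP datagram (8-byte timestamp, 8-byte nonce, 32-byte HMAC-SHA256 over the two), a 30-second freshness window, a knock port of 60001, and a firewall that already DROPs tcp/22 for everyone; the iptables rule is only built, not executed. The listener never sends a byte back, so a scanner probing the knock port gets exactly what it gets from any other filtered UDP port.

```python
"""Single-packet, never-responding UDP knock in front of sshd.

Added example for this thread, not code from the original posters.
Assumed: shared secret, 48-byte knock format, 30 s window, knock port
60001, and tcp/22 dropped by the firewall until a valid knock arrives.
"""
import hashlib
import hmac
import os
import socket
import struct
import time

SECRET = b"replace-with-a-long-random-secret"  # assumed shared secret
WINDOW = 30            # seconds of clock skew / delay tolerated
KNOCK_PORT = 60001     # assumed UDP knock port
KNOCK_LEN = 8 + 8 + 32  # timestamp || nonce || HMAC-SHA256


def make_knock(secret, now=None):
    """Client side: timestamp || nonce || HMAC-SHA256(secret, timestamp || nonce)."""
    ts = int(time.time() if now is None else now)
    body = struct.pack("!Q", ts) + os.urandom(8)
    return body + hmac.new(secret, body, hashlib.sha256).digest()


def verify_knock(packet, secret, now=None, seen=None):
    """Server side: length check, constant-time MAC check, freshness window,
    optional replay cache. Returns True only for an authentic, fresh, unseen
    knock. Never raises and never answers; the caller must send nothing back."""
    if len(packet) != KNOCK_LEN:
        return False
    body, mac = packet[:16], packet[16:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return False
    ts = struct.unpack("!Q", body[:8])[0]
    cur = int(time.time() if now is None else now)
    if abs(cur - ts) > WINDOW:
        return False
    if seen is not None:
        # An exact replay inside the window is rejected; entries older than
        # WINDOW can be pruned by the caller since they can no longer verify.
        if body in seen:
            return False
        seen.add(body)
    return True


def allow_rule(src_ip):
    """iptables argv that opens tcp/22 for one source (assumed firewall layout)."""
    return ["iptables", "-I", "INPUT", "-p", "tcp", "--dport", "22",
            "-s", src_ip, "-j", "ACCEPT"]


def serve(port, secret, on_knock):
    """Listen on UDP and call on_knock(src_ip) for each valid knock.
    Nothing is ever sent from this socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = set()
    while True:
        packet, (src_ip, _) = sock.recvfrom(512)
        # Port scans, garbage and bad knocks all fall through silently.
        if verify_knock(packet, secret, seen=seen):
            on_knock(src_ip)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2 and sys.argv[1] == "knock":
        # Client: send one knock to the server given on the command line,
        # then run ssh as usual.
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.sendto(make_knock(SECRET), (sys.argv[2], KNOCK_PORT))
    else:
        serve(KNOCK_PORT, SECRET,
              lambda ip: print("would run:", " ".join(allow_rule(ip))))
```

Two caveats worth checking before relying on this. First, a bound UDP socket suppresses the kernel's ICMP port-unreachable reply for that port, so unless the firewall drops unsolicited UDP (and the resulting ICMP) for every port, a scanner will see the knock port as open|filtered while its neighbours read closed. Second, the MAC above does not bind the source address; anyone who captures a knock can replay it within the window from a spoofed address and get tcp/22 opened for the original client's IP, which is harmless to the attacker only as long as they cannot also speak from that address. Including the client's public IP in the MAC input closes that, at the cost of clients behind NAT having to know their external address.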

