On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port 2345/tcp
On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like zmap, finding services
Once upon a time, James Hogarth james.hoga...@gmail.com said:
If you really want to SSH to a port other than 22 for a little obscurity
use an iptables dnat to map the high port to local host 22 and block 22
from external connections.
Yeah, the old move stuff to alternate ports thing is largely
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like zmap, finding services on alternate
ports is not that hard for the bad guys.
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is horrible advice anyway. It's not a good idea to run SSH on a port
greater than 1024 since if a crash exploit is used to kill the process a
non-root trojan process faking SSH to gather credentials could then bind on
that port trivially totally
Always Learning wrote:
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like
On Fri, February 13, 2015 9:05 am, Always Learning wrote:
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
On Feb 13, 2015, at 9:03 AM, Valeri Galtsev galt...@kicp.uchicago.edu wrote:
...changing port numbers...does not really add security. Security through
obscurity is only considered to be efficient by Windows folks.
“Security through obscurity” is an overused mantra of derision.
Originally,
On Fri, 2015-02-13 at 10:03 -0600, Valeri Galtsev wrote:
On Fri, February 13, 2015 9:05 am, Always Learning wrote:
I always change the SSH port to something conspicuously different. Every
server has a different and difficult to guess SSH port number with
access restricted to a few IP
On Fri, 2015-02-13 at 11:21 -0500, m.r...@5-cent.us wrote:
I disagree - I am in the waste of time camp. The reality is that only
script kiddies start out by trying 22 (and I *do* mean script kiddies -
I've seen attempts to ssh in that were obviously from warez, man, where
they were too
On Fri, 2015-02-13 at 18:27 -0800, PatrickD Garvey wrote:
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen lo...@pari.edu wrote:
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is also why the Orange Book and its Rainbow kin exist (Orange Book =
5200.28-STD, aka DoD Trusted Computer System
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen lo...@pari.edu wrote:
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is also why the Orange Book and its Rainbow kin exist (Orange Book =
5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria).
Should anyone care to learn from the
Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port 2345/tcp --permanent
Also, it
14 matches