Re: [?] DYNDNS host vulnerability



Wolfgang Draxinger <wdraxinger@xxxxxxxxxxxxxxxx> wrote:

> Doug Mitton wrote:
>
>> That's one of the reasons why it is recommended that you
>> configure your system to not allow "root" to log in remotely.
>
> The best thing is to use Public Key authentication with SSH and
> disallow password access at all. That way there's simply no way
> an intruder could get in, as long as the SSHD itself has no
> security leak. On the remote side you should put all the
> programs you need for administrating things (but only those
> programs) into sudoers so that your usual admin account can use
> them w/o password. For everything else a password should be
> required, or another account should be used.
>
>> Now, it is a matter of guessing a valid user ID as well as a
>> password, THEN trying to guess "root's" password..
>
> And if you've got pam_wheel, then only users in the wheel group
> may "su".
>
>> I also use non-standard ports for my admin services
>
> Doesn't really aid in security. nmap tells you which ports are
> open. And to see what daemon is behind it, you just do a trial
> and error test of several protocols.
>
> Port Knocking is here the better way to conceal things.
>
>> as well as a firewall rule to lock out multiple access attempts in
>> a short period of time.
>
> This is actually a good idea, but make the firewall rule so that
> only access attempts that failed to authenticate result in a
> denial.
>
> Wolfgang Draxinger

All good ideas. The point is that there are many solutions to
the problem and you just need to fix or implement those that are for
your specific requirements.

My system in particular has evolved over time due to situations which
have impacted me. The main reason for the 1) alternate server ports
and 2) lock-out after an excessive number of attempts per minute is to
cut down on the error logs generated by script-kiddies. Also, the
alternate server ports resolve issues with ISPs who block certain
ports getting into their address space.

To the OP ... good luck in your implementation. Also, if you "think"
you see a problem, do a search or post a message and you will get MANY
ideas!
--
------------------------------------------------
http://www3.sympatico.ca/dmitton
SPAM Reduction: Remove "x." from my domain.
------------------------------------------------
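
Added example, not part of the original thread: a small Python sketch of the lockout rule discussed above, comparing a block list built from every login attempt with one built only from failed authentications. The log lines are constructed samples in OpenSSH's syslog format; the function name, thresholds and the assumed year are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:14:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 gw sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jan 10 03:14:04 gw sshd[813]: Accepted publickey for doug from 198.51.100.7 port 51000 ssh2
Jan 10 03:14:05 gw sshd[814]: Accepted publickey for doug from 198.51.100.7 port 51001 ssh2
Jan 10 03:14:06 gw sshd[815]: Accepted publickey for doug from 198.51.100.7 port 51002 ssh2
Jan 10 03:14:07 gw sshd[816]: Accepted publickey for doug from 198.51.100.7 port 51003 ssh2
Jan 10 03:14:09 gw sshd[817]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2
Jan 10 03:20:30 gw sshd[818]: Failed password for doug from 192.0.2.44 port 33001 ssh2
Jan 10 03:25:30 gw sshd[819]: Failed password for doug from 192.0.2.44 port 33002 ssh2
Jan 10 03:30:30 gw sshd[820]: Failed password for doug from 192.0.2.44 port 33003 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Failed|Accepted) \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

def sources_to_block(log_text, max_attempts=3, window=timedelta(seconds=60),
                     failed_only=True, year=2024):
    """Return source IPs that reach max_attempts inside a sliding window.

    failed_only=True counts only failed authentications; False counts every
    attempt, which also locks out an admin who logs in several times in a row.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or (failed_only and m.group(2) != "Failed"):
            continue
        # syslog timestamps carry no year; the year is an assumed parameter
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(3)]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts:
            blocked.add(m.group(3))
    return blocked

if __name__ == "__main__":
    print("failed only :", sorted(sources_to_block(SAMPLE_LOG)))
    print("all attempts:", sorted(sources_to_block(SAMPLE_LOG, failed_only=False)))
```

On the sample, counting every attempt also blocks 198.51.100.7, the address with four successful key logins, while counting only failures blocks just the guessing source.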