[Gllug] [Fwd: SSH Security Advisory: Centos (and other distros)]

Bruce Richardson itsbruce at workshy.org
Wed Jul 8 23:11:01 UTC 2009


On Wed, Jul 08, 2009 at 10:27:52PM +0100, Karanbir wrote:
> On 07/08/2009 04:49 PM, Harry Rickards wrote:
> > From the looks of the replies and the links on a debian-user thread
> > about it, it looks like changing the port
> 
> The first step in that exploit process is a nmap scan.. and if anyone 
> does it aggressively enough, they will find ssh on any port on the 
> machine. So whoever told you that changing ports is a good idea, doesn't 
> really know anything about this specific issue.

Very few people are the victims of purposeful, targeted scans; most
attacks, even zero-day exploits, are launched in a largely automated
fashion against lists of potentially vulnerable hosts which were
generated by broad sweeps of large IP blocks.  Those sweeps do not
aggressively scan every port on a host - they tend not to try that even
lightly because that would invite detection and blocking - why risk that
when there are bound to be many easy pickings on the standard ports?

Running ssh on a non-standard port often isn't practical for other
reasons and I would never rely on it by itself; that said, it absolutely
*can* help protect against zero-day exploits and other attacks.

-- 
Bruce

Explota!: thousands of lemmings can't be wrong.