[OpenIndiana-discuss] Who is trying to break in ?

bentahyr at chez.com bentahyr at chez.com
Wed Jul 1 07:51:49 UTC 2015


Hi, 
I've been using sslh to multiplex openvpn, https and ssh on port 443 to be able to go through anything, and before that I was using tcpproxy for the same reason.
I'm pretty impressed by sslh and I hope to use it when I replace the Linux all-in-one box by a refurbished Ultra 20/hipster.

To be honest, for a very long time I had port 22 open as well for ssh, for the time it took to trust sslh, and the difference is quite noticeable, security-wise.
On the other hand, if you don't allow root login, have good passwords for users and root and log rotation correctly set, port 22 or not is just a convenience question, but I'm not a security guy, really.

Ben.

----- Original message -----
From: "Jim Klimov" <jimklimov at cos.ru>
To: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>, "Till Wegmüller" <toasterson at gmail.com>
Sent: Monday 29 June 2015 21:02:44
Subject: Re: [OpenIndiana-discuss] Who is trying to break in ?

On 29 June 2015 9:37:26 CEST, "Till Wegmüller" <toasterson at gmail.com> wrote:
>Brogyányi József wrote on Sunday 28 June 2015 11.01:55:
>
>> The last was strange a little bit because he wanted to switch off the
>> server. I think you have to change the 21 and 22 communication port.
>> I use the 443 port for ssh. I can reach the server easily from anywhere
>> because every company left that port open.
>
>I advise strongly against using a different port for SSH. Especially a
>port like 443 which by default is used by apache and other webservers.
>Some Webservers might refuse to launch depending on their
>configuration.
>
>> I've noticed some text output before shutting down the system.
>> It seems someone ( or bots ) are constantly trying to log in as root.
>
>Yeah, there are some Chinese botnets that scan for open SSH ports and
>try to log in with root. I have them on every SSH-capable server which
>is Internet-reachable. They don't only scan 22 but also 666 or 1337.
>But they only make tries with weak default passwords like 12345.
>
>If you want to block them I suggest the tool fail2ban. I use it on my
>Linux boxes and it works like a charm. There also seems to be a port
>for snv_134 https://github.com/jamesstout/fail2ban-0.8.4-OpenSolaris
>but I haven't tested that.
>
>Greetings Till
>
>_______________________________________________
>openindiana-discuss mailing list
>openindiana-discuss at openindiana.org
>http://openindiana.org/mailman/listinfo/openindiana-discuss

Got no qualms about ssh (or openvpn) on port 443 - indeed, if one sets up something non-standard, gotta be ready for the consequences. And to all IDSes and sniffers, cryptotraffic looks much the same (different dynamic flow patterns may be discerned by the smarter filters out there though).

As was said earlier, many networks (especially free wifi, and some cellulars) only allow http(s) outwards, so there's not much choice for road-workers.

Also, there are server-side projects to colocate frontends for https and ssh or openvpn on the same socket to veil it even more.


--
Typos courtesy of K-9 Mail on my Samsung Android
