[OpenIndiana-discuss] Who is trying to break in ?

Jim Klimov jimklimov at cos.ru
Wed Jul 1 10:15:04 UTC 2015


On 1 July 2015 9:51:49 CEST, bentahyr at chez.com wrote:
>Hi, 
>I've been using sslh to multiplex openvpn, https and ssh on port 443 to
>be able to go through anything and before that I was using tcpproxy for
>the same reason.
>I'm pretty impressed by sslh and I hope to use it when I replace the
>Linux all-in-one box by a refurbished Ultra 20/hipster.
>
>To be honest, for a very long time I had port 22 opened as well for ssh
>the time to trust sslh and the difference is quite noticeable,
>security-wise.
>On the other hand, if you don't allow root login, have good passwords
>for users and root and log rotation correctly set, port 22 or not is
>just a convenience question but I'm not a security guy, really.
>
>Ben.
>
>----- Original message -----
>From: "Jim Klimov" <jimklimov at cos.ru>
>To: "Discussion list for OpenIndiana"
><openindiana-discuss at openindiana.org>, "Till Wegmüller"
><toasterson at gmail.com>
>Sent: Monday 29 June 2015 21:02:44
>Subject: Re: [OpenIndiana-discuss] Who is trying to break in ?
>
>On 29 June 2015 9:37:26 CEST, "Till Wegmüller" <toasterson at gmail.com>
>wrote:
>>Brogyányi József wrote on Sunday 28 June 2015 11.01:55:
>>
>>> /The last was strange a little bit because he wanted to switch off the
>>> server. I think you have to change the 21 and 22 communication port.
>>> I use the 443 port for ssh. I can reach the server easily from anywhere
>>> because every company left it open that port.
>>
>>I advise strongly against using a different port for SSH. Especially a
>>port like 443 which by default is used by apache and other webservers.
>>Some Webservers might refuse to launch depending on their
>>configuration.
>>
>>> I've noticed some text output before shutting down the system.
>>> It seems someone ( or bots ) are constantly trying to log in as root.
>>
>>Yea there are some Chinese Bot nets that scan for open SSH Ports and
>>try to log in with root. I have them on every SSH capable server which
>>is Internet reachable. They don't only scan 22 but also 666 or 1337.
>>But they only make tries with weak default passwords like 12345. 
>>
>>If you want to block them I suggest the Tool fail2ban. I use it on my
>>Linux boxes and it works like a charm. There also seems to be a Port
>>for snv_134 https://github.com/jamesstout/fail2ban-0.8.4-OpenSolaris
>>but I haven't tested that.
>>
>>Greetings Till
>>
>>_______________________________________________
>>openindiana-discuss mailing list
>>openindiana-discuss at openindiana.org
>>http://openindiana.org/mailman/listinfo/openindiana-discuss
>
>Got no qualms about ssh (or openvpn) on port 443 - indeed, if one sets
>up something non-standard, gotta be ready for the consequences. And to
>all ids'es and sniffers, cryptotraffic looks much the same (different
>dynamic flow patterns may be discerned by the smarter filters out there
>though).
>
>As was said earlier, many networks (especially free wifi, and some
>cellulars) only allow http(s) outwards, so there's not much choice for
>road-workers.
>
>Also, there are server-side projects to colocate frontends for https
>and ssh or openvpn on the same socket to veil it even more.
>
>
>--
>Typos courtesy of K-9 Mail on my Samsung Android
>

You can also boost security with no passwords allowed, keys only for ssh auth ;)
--
Typos courtesy of K-9 Mail on my Samsung Android
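
The hardening suggested in this thread (no direct root login, keys only, no passwords), as an added example that is not part of the original message: a Python check that reads sshd_config text and reports where password or root logins are still in effect. It assumes OpenSSH's parsing rules (the first value obtained for a keyword wins, `Match` blocks override it per connection); the function names and the sample configuration are constructed for illustration.

```python
import re

# Deprecated keyword name mapped to its current OpenSSH name.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Policy assumed here: keys only, no direct root login.
REQUIRED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "permitrootlogin": "no",
}

def parse(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", line)
        if not line or line.startswith("#") or not m:
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        value = m.group(2).strip().strip('"')
        if key == "match":
            match = value                      # later lines are conditional
        elif match is None:
            settings.setdefault(key, value.lower())  # first value wins
        else:
            overrides.append((match, key, value.lower()))
    return settings, overrides

def audit(text):
    """List every place where the policy in REQUIRED is not enforced."""
    settings, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, built-in default applies")
        elif got != want:
            findings.append(f"{key}: '{got}' in effect, want '{want}'")
    for match, key, value in overrides:
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(f"{key}: '{value}' under 'Match {match}'")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored by
# sshd, but the Match block re-enables passwords for one address range.
SAMPLE = """PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "policy enforced")
```
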


