Rootkit infections: AARRGH!
Derek Martin
invalid at pizzashack.org
Mon May 9 11:54:01 EDT 2005
On Mon, May 09, 2005 at 10:55:02AM -0400, Bill McGonigle wrote:
> On May 9, 2005, at 09:38, Fred wrote:
>
> >Still, what I could probably do is implement a scheme where visiting a
> >particular webpage (and giving proper authentication) would enable that
> >IP address for ssh. Come to think of it, that's not such a bad idea
> >after all! That will also allow my users to ssh in from their
> >locations should they need to.
>
> Mmmm - good idea. Please share the script when you get it done. Or if
> anyone has field experience with port knocking and OpenSSH
> <http://gentoo-wiki.com/HOWTO_Port_Knocking> I'd like to hear the
> trials and travails.
>
> The reason to disable root account ssh login is just an odds game -
> every unix system is guaranteed to have a root user so it's a good one
> for password guessers to start with. Any other account can be renamed.
> The converse is one could argue that people pay more attention to root
> account security so you're better off starting with admin/admin and
> doing a local exploit.
>
> Plus, it's easy - if you have your account in sudoers under ALL there's
> no need for a root login and you get better auditability with multiple
> admins.
>
> -Bill
> -----
> Bill McGonigle, Owner Work: 603.448.4440
> BFC Computing, LLC Home: 603.448.1668
> bill at bfccomputing.com Mobile: 603.252.2606
> http://www.bfccomputing.com/ Pager: 603.442.1833
> AIM: wpmcgonigle Skype: bill_mcgonigle
>
> For fastest support contact, please follow:
> http://bfccomputing.com/support_contact.html
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail. Sorry for the inconvenience. Thank the spammers.
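
Fred's scheme quoted above (authenticate on a web page, then open ssh to the visitor's IP address for a while), as an added example that is not part of the original thread. The chain name SSH_ALLOW, the one-hour expiry and the sample account are assumptions; the code only generates the firewall commands and leaves applying them to the operator.

```python
import hashlib, hmac, ipaddress, time

TTL_SECONDS = 3600   # assumption: a grant lasts one hour
CHAIN = "SSH_ALLOW"  # hypothetical chain, jumped to before port 22's default DROP

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account store: user -> (salt, PBKDF2 hash).
SALT = b"constructed-salt"
USERS = {"fred": (SALT, hash_password("correct horse battery", SALT))}

class SshAllowlist:
    def __init__(self, now=time.time):
        self._now = now
        self._grants = {}  # ip_address object -> expiry timestamp

    def authenticate(self, user, password):
        # Hash for unknown users too and compare in constant time, so the
        # response does not reveal which account names exist.
        salt, stored = USERS.get(user, (SALT, b""))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def grant(self, user, password, peer_ip):
        # peer_ip must be the TCP peer address seen by the web server, never
        # a client-supplied header such as X-Forwarded-For.
        if not self.authenticate(user, password):
            return False
        ip = ipaddress.ip_address(peer_ip)  # ValueError on anything but an IP
        self._grants[ip] = self._now() + TTL_SECONDS
        return True

    def rules(self):
        # Drop expired grants, then rebuild the chain from scratch so that a
        # stale ACCEPT can never outlive its grant.
        now = self._now()
        self._grants = {ip: t for ip, t in self._grants.items() if t > now}
        out = [f"iptables -F {CHAIN}", f"ip6tables -F {CHAIN}"]
        for ip in sorted(self._grants, key=str):
            tool = "iptables" if ip.version == 4 else "ip6tables"
            out.append(f"{tool} -A {CHAIN} -s {ip} -p tcp --dport 22 -j ACCEPT")
        return out

if __name__ == "__main__":
    al = SshAllowlist()
    al.grant("fred", "correct horse battery", "203.0.113.5")
    print("\n".join(al.rules()))
```

Parsing the address with `ipaddress` before it reaches a command string is what keeps a crafted value from being interpolated into the firewall command.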