[Asterisk-Users] asterisk@home scary log

Thu Feb 10 12:24:24 MST 2005

On Thu, 10 Feb 2005 10:51:33 -0600, Rich Adamson <radamson at routers.com> wrote:
> > I had the system setup to allow http and ssh.
> >
> > The hack came in through ssh.
> 
> For those that aren't heavily involved with security topics, there
> has been many different approachs from many different IP's attempting
> to:
>  a) exploit known ssh holes, and,
>  b) ssh password guessing
> 
> We tend to watch these attempts rather closely through intrusion detection
> tools like snort. As consultants, we are also under retainers to
> assist other companies with securing their facilities and watching
> for exploits. The exploit attempts happen every single day.
> 
> There are multiple password guessing tools commonly available on
> the Internet. I eval'ed one of the tools and it took five seconds
> to guess a password that was five characters in length. It took an
> hour to guess a password that was eight characters, and around
> twenty-four hours to guess a password that was eight characters made
> up of uppercase, lowercase and non-alpha characters (eg, complex).
> Regardless, the guessing process is simply how much time does one
> want to devote to doing it (eg, what's the return value for spending
> the time exploiting a system).
> 
> It doesn't make much difference whether one exposes telnet or ssh.
> Both can be exploited. But, the more complex you make the password,
> the more time-consuming and difficult it is to guess it.
> 
> So, if you must expose either telnet or ssh, make your passwords very
> long and complex. If your O/S has the capability to lockout the account
> after 'xx' failed passwords, then do that. Automatically resetting the
> process after 'y' minutes disrupts the guessing process without the
> hacker knowing it, but still allows you access after that auto reset.
> Using something like seven failed attempts with a five minute reset
> is more then adequate in most cases.
> 
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 

I know that there are opinions in opposed to it, but what about port
knocking in addition to everything we've discusses.  Scanners would
simply move along after seeing no open ports.  I realize this is a
form of security through obscurity, but it seems in some instances it
would be a good *addition* to *other* security measures (never to be
used as the sole security measure).

Geoff

-- 
I have some G-Mail invites.
Let me know if you want one.