[plug] Attempted Intrusions [UNCLASSIFIED]

Clark Julian Julian.Clark at cdpp.gov.au
Mon Oct 25 12:39:39 WST 2004


IIRC Port numbers < 1024 are considered frequently used ports...
I'm not sure what port 26 does, but if I was to be shifting my ssh port,
I'd aim for a random number between 32000 and 65000.
These are less frequently used.

Have you considered disabling root login via ssh also? 
You can always use a special user and su once you're in.

Considering that most of these script kiddies are trying to login with
users such as root && test,
this may be another significant way of defending against these attacks.

Cheers,

Julian Clark



-----Original Message-----
From: plug-bounces at plug.linux.org.au
[mailto:plug-bounces at plug.linux.org.au] On Behalf Of Marc Wiriadisastra
Sent: Monday, 25 October 2004 12:27 PM
To: plug at plug.linux.org.au
Subject: Re: [plug] Attempted Intrusions

garry wrote:
> 
> 
>>>
>> Do I just set that up through xinetd or do I have to actually change 
>> the conf file.
>>
>> I changed the conf file to port 23 however do I have any other 
>> editing to do??
I just changed it to port 26 it looks like there isn't anything there
using it according to the services file.

IF there is anything that uses it that you know please tell me so that I
can fix that.


Regards

Marc

_______________________________________________
PLUG discussion list: plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au




**********************************************************************
The information contained in this message and in any attachments is privileged and confidential and intended only for the use of the addressee. You should not read, copy, use or disclose this information without authorisation. If you are not the intended recipient of this message, please e-mail the sender immediately and delete this message. Any unauthorised dissemination, disclosure, copying or use of the contents of this message is prohibited and may result in legal action.
**********************************************************************




More information about the plug mailing list