[plug] Attempted Intrusions [UNCLASSIFIED]
Marc Wiriadisastra
marc-w at smlintl.com.au
Tue Oct 26 08:26:27 WST 2004
Clark Julian wrote:
> IIRC Port numbers < 1024 are considered frequently used ports...
> I'm not sure what port 26 does, but if I was to be shifting my ssh port,
> I'd aim for a random number between 32000 and 65000.
> These are less frequently used.
>
Yeah port 26 was possibly used for imap I was told so I picked my
birthday as a port instead so I can remember it. Its not a technical
way of figuring a port but hey it works.
Since yesterday not a single attempt to access the network apart from me
trying to access it using stupid commands like -D instead of -p :P but
thats just my stupidity.
> Have you considered disabling root login via ssh also?=20
> You can always use a special user and su once you're in.
>
I have already disabled root access.
> Considering that most of these script kiddies are trying to login with
> users such as root && test,
> this may be another significant way of defending against these attacks.
>
> Cheers,
>
> Julian Clark
>
>
More information about the plug
mailing list