[plug] Attempted Intrusions [UNCLASSIFIED]

Marc Wiriadisastra marc-w at smlintl.com.au
Tue Oct 26 08:26:27 WST 2004


Clark Julian wrote:
> IIRC Port numbers < 1024 are considered frequently used ports...
> I'm not sure what port 26 does, but if I was to be shifting my ssh port,
> I'd aim for a random number between 32000 and 65000.
> These are less frequently used.
> 
Yeah port 26 was possibly used for imap I was told so I picked my 
birthday as a port instead so I can remember it.  Its not a technical 
way of figuring a port but hey it works.

Since yesterday not a single attempt to access the network apart from me 
trying to access it using stupid commands like -D instead of -p :P but 
thats just my stupidity.

> Have you considered disabling root login via ssh also?=20
> You can always use a special user and su once you're in.
>
I have already disabled root access.

> Considering that most of these script kiddies are trying to login with
> users such as root && test,
> this may be another significant way of defending against these attacks.
> 
> Cheers,
> 
> Julian Clark
> 
> 




More information about the plug mailing list