North American Network Operators Group


Re: sniffer/promisc detector

  • From: Ruben van der Leij
  • Date: Thu Jan 22 19:54:14 2004

+++ Jason Slagle [22/01/04 19:13 -0500]:

> > The point of the discussion was whether it made sense to run services on
> > non-standard ports to deter cr4x0rs. And I feel it doesn't.

> I've sat here and watched this discussion and kept my thoughts to myself
> because I'm thinking "Maybe I'm missing something", but I don't think I
> am.

> sshd exploit is known to the kiddies for 3 weeks before getting public.

The k1dd13 isn't able to feed a single packet to my exploitable sshd. 

If I were to run that sshd on a non-standard port, and he wants my ass *and*
knows his way around with nmap or such, I would gain between minutes and an
hour, as shown by others.

Thanks to paranoid iptables I would gain days, weeks, months or more,
depending on the luck he has with finding out which and 0wn1ng those boxes I
use to gain access to the box he wants to cr4x0r.

By the way: those boxes run other OSes on different architectures, just as
a precaution. Hosted by others. Different networks, different account names
and passwords. .bash_history linked to /dev/null, you know the works.

That hour's delay won't save my ass, as it takes three weeks for others to
piece together the vulnerability. Those iptables *will* save my ass. More
often than a non-standard port, at least.

And now for running named on port 54 as a defense against buffer overflows
in bind.. :P

-- 

Ruben van der Leij
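The "paranoid iptables" setup the post contrasts with port obscurity, written out as an added example (this is not Ruben's ruleset or anything from the NANOG archive; the jump-host addresses are constructed documentation addresses, and the chain layout and log prefix are my own choices). The function emits an iptables-restore ruleset in which the INPUT policy is DROP, only the listed jump boxes may open a connection to sshd, and every other attempt at that port is rate-limited to the log and dropped. Note that moving sshd to another port only changes the `SSH_PORT` value here; the source filter is what keeps a stranger's packets from ever reaching the daemon.

```shell
#!/bin/sh
# Added example, not from the original post: build an iptables-restore
# ruleset that exposes sshd only to a fixed set of jump hosts.

# Constructed placeholder addresses (RFC 5737 documentation ranges) standing
# in for the "boxes hosted by others on different networks" the post mentions.
JUMP_HOSTS="192.0.2.10 198.51.100.7 203.0.113.42"
SSH_PORT=22

# gen_ssh_ruleset HOSTS PORT
#   Print an iptables-restore ruleset: default-deny INPUT, loopback and
#   already-established traffic allowed, new TCP connections to PORT allowed
#   only from the space-separated HOSTS, all other attempts at PORT logged
#   (rate-limited) and dropped.  Everything else falls through to the DROP
#   policy, so an unknown listener on some other port is equally unreachable.
gen_ssh_ruleset() {
    hosts=$1
    port=${2:-22}
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for h in $hosts; do
        printf '%s\n' "-A INPUT -p tcp -s $h --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log the scanner's probe (throttled so a port sweep cannot flood syslog),
    # then drop it: no SYN/ACK, so the sshd banner and version never leak.
    printf '%s\n' "-A INPUT -p tcp --dport $port -m limit --limit 5/min -j LOG --log-prefix \"ssh-denied: \""
    printf '%s\n' "-A INPUT -p tcp --dport $port -j DROP"
    printf '%s\n' 'COMMIT'
}

# count_ssh_accepts HOSTS PORT
#   Sanity check for a generated ruleset: number of ACCEPT rules that open
#   PORT, which must equal the number of jump hosts and nothing more.
count_ssh_accepts() {
    gen_ssh_ruleset "$1" "$2" | grep -c -- "--dport $2 .*-j ACCEPT"
}

# Stand-alone use prints the ruleset for review.  As root it would be loaded
# atomically with:  gen_ssh_ruleset "$JUMP_HOSTS" "$SSH_PORT" | iptables-restore
gen_ssh_ruleset "$JUMP_HOSTS" "$SSH_PORT"
```

Review the output before loading it on a remote box: the DROP policy plus the ESTABLISHED rule keeps your current session alive, but a typo in a jump-host address locks you out just as surely as the attacker, which is exactly why the post keeps several independent jump boxes.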