North American Network Operators Group
Re: Customer-facing ACLs
On Sat, 8 Mar 2008, Dave Pooser wrote:
Oh, there's plenty of names in one of my server logs too... looks almost like they've gone through a name-choosing handbook.
I can understand the logic of dropping the port, but there's some additional thought involved when looking at Port 22 - maybe I'm not well-read enough, but the bots I've seen that are doing SSH scans, etc, are not usually on Windows systems. I can figure them working on Linux, MacOS systems - but surely the vast majority of 'vulnerable' hosts are those running OS's coming from our favourite megacorp? Which typically don't come shipped with either SSH server or SSH client... ?
To me, at least half the users likely to be running either Linux or Mac are going to be the same users who're going to request they be allowed outbound SSH.... is the blocking of outbound SSH considered to be sufficiently useful that we're advocating it these days?
(Aren't we all just moving SSH to non-standard ports within our networks anyway?)