Re: Continuous brute force attempt from own server !!! (OT question)

To: debian-user@lists.debian.org
Subject: Re: Continuous brute force attempt from own server !!! (OT question)
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun, 28 Jul 2013 10:12:42 -0300
Message-id: <[🔎] 20130728131242.GA7076@khazad-dum.debian.net>
In-reply-to: <[🔎] 20130728053748.GB20388@big>
References: <[🔎] 20130726121236.1b8213ba@shiva.selfip.org> <[🔎] 51F238BF.5050509@online.de> <[🔎] 20130726143527.23b9c829@shiva.selfip.org> <[🔎] 51F24778.1080008@gmail.com> <[🔎] 26072013212420.2e0af51bd8c5@desktop.copernicus.demon.co.uk> <[🔎] 51F38D41.1000606@gmail.com> <[🔎] 20130727115259.GA18454@copernicus.demon.co.uk> <[🔎] 20130727170629.GD1735@khazad-dum.debian.net> <[🔎] 20130727222740.GA19973@big> <[🔎] 20130728053748.GB20388@big>

On Sat, 27 Jul 2013, Paul E Condon wrote:
> I intended the question to be answered in the context of the post by
> Henrique de Moraes Holschuh, where 'across security domains' is
> considered less desirable than 'across hosts'. I know what hosts are
> when writing computer stuff, but, come to think about it what does it
> mean to rotate keys? Is the idea that a particular key string is to be

Switching to a new one and disposing of the older one is, for whatever
reason, usually called "rotating the keys".

> reused on some host after it has been removed from service on some
> other host? I had thought that it was best to never use a retired key
> string again - but security is tricky - maybe there might be some

You're correct.  It is best to dispose of old keys, and never reuse them.

> point in using old strings as the keys on some (unmentioned) honey pot
> servers.

You could do that, but there might be risks associated with that (or not).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Continuous brute force attempt from own server !!! (OT question)
  - From: Joel Rees <joel.rees@gmail.com>

References:
- Continuous brute force attempt from own server !!!
  - From: J B <bakshi12@gmail.com>
- Re: Continuous brute force attempt from own server !!!
  - From: benjamin kent <thepaladin@online.de>
- Re: Continuous brute force attempt from own server !!!
  - From: J B <bakshi12@gmail.com>
- Re: Continuous brute force attempt from own server !!!
  - From: Lars Noodén <lars.nooden@gmail.com>
- Re: Continuous brute force attempt from own server !!!
  - From: Brian <ad44@cityscape.co.uk>
- Re: Continuous brute force attempt from own server !!!
  - From: Lars Noodén <lars.nooden@gmail.com>
- Re: Continuous brute force attempt from own server !!!
  - From: Brian <ad44@cityscape.co.uk>
- Re: Continuous brute force attempt from own server !!!
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Continuous brute force attempt from own server !!! (OT question)
  - From: Paul E Condon <pecondon@mesanetworks.net>
- Re: Continuous brute force attempt from own server !!! (OT question)
  - From: Paul E Condon <pecondon@mesanetworks.net>

Prev by Date: Re: root.root and netdev group for /dev/net/tun ?
Next by Date: Re: root.root and netdev group for /dev/net/tun ?
Previous by thread: Re: Continuous brute force attempt from own server !!! (OT question)
Next by thread: Re: Continuous brute force attempt from own server !!! (OT question)
Index(es):
- Date
- Thread