On Monday, 25.04.2005 at 17:46 -0700, Paul Johnson wrote: > On Monday April 25 2005 7:50 am, Dave Ewart wrote: > > > Changing SSH port is 'really' more secure (obscurity and all that), > > but it's an extra layer and, if nothing else, stops your logs > > getting cluttered with all the failed logins ... > > Another thing you'll want to do is avoid the bloody obvious logins > that the automated scans seem drawn towards. Might be interesting to > set up a honeypot that accepts any login with any password and see > what it tries to do. I'd do it, but don't have the resources to set > up a honeypot, much less know how to set one up securely. I think someone tried this recently; I believe there was a write-up about it on the Security Focus 'incidents' list a while back ... IIRC a lot of it was 'user backup, password backup' etc. Not very clever, so probably not much a real threat, more an annoyance. Dave. -- Please don't CC me on list messages! ... Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Attachment:
signature.asc
Description: Digital signature