
Re: ssh: Repeated intrusion attempts



> - sniff any/all of the emails and follow that email into the server
>  and try to guess their passwords

I'm particularly concerned that spammers can find out valid email accounts 
on our system.  From what you say it looks as if that's unavoidable unless I 
take elaborate precautions.

Currently there's only one user who's a member of the "ssh_user" group. 
Only members of this group are allowed to log in because of "AllowGroups 
ssh_user" in /etc/ssh/sshd_config.  I think I'll create new login names for 
members of this group and will put a REJECT in my /etc/mail/aliases.  That 
will make it difficult to guess the name as they won't receive any emails.

> - never use the same email addy ( john ) as any of your loginIDs
> ( john ) ..  one of them should be "jsmith"  or some other non-guessable
> loginid  ... and alias john@foo.com in your /etc/alias files back to
> j1z3k5 so that j1z3k5 can read/delete/reply to their emails addressed to
> john

Sounds a bit complicated.  I know what you're getting at.

>
>> I am running Woody, with up-to-date patches, behind a cheap hardware
>> firewall-router.  Open ports are 22 (sshd), 25 (sendmail), 80 (apache),
>> 443 (apache-ssl), 993 (courier-imap over ssl) and 995 (courier-pop over ssl).
>
> pretty good :-) .. except do not depend on the firewall .. assume it's
> cracked and protect everything else ...
> ( full and incremental and encrypted backups .. dating back months.. )
>

Done that.  Using Mondo.  I keep a CD-ROM backup at home away from the 
office.  Brilliant utility, except that it took about a week to find a 
version that worked properly.  Default one doesn't. 
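The AllowGroups/aliases arrangement discussed above can be checked with a small audit script. This is an added example, not code from the thread; the group name, file paths and the sample file contents are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added audit script (not from the thread); paths, group name and the sample
# file contents are assumptions constructed for the demo. For every member of
# the SSH-permitted group it reports whether mail sent to <login>@host is
# accepted into a local mailbox (no aliases entry) or routed by an alias, so
# the operator can see which login names double as deliverable addresses.

# Members of group $2 in group file $1, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Right-hand side of the aliases entry for name $1 in aliases file $2
# (empty if none); comment lines are skipped.
alias_target() {
    awk -F: -v u="$1" '$0 !~ /^[ \t]*#/ && $1 ~ ("^[ \t]*" u "[ \t]*$") {
        sub(/^[^:]*:[ \t]*/, ""); print; exit
    }' "$2"
}

# One report line per member of group $2 (group file $1, aliases file $3).
audit_ssh_logins() {
    for u in $(group_members "$1" "$2"); do
        t=$(alias_target "$u" "$3")
        if [ -z "$t" ]; then
            echo "$u: no alias entry, mail to this login name lands in its local mailbox"
        else
            echo "$u: alias -> $t"
        fi
    done
}

# Run the audit on constructed sample files (stand-alone demo).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/group" <<'EOF'
root:x:0:
ssh_user:x:1005:j1z3k5,backup
EOF
    cat > "$d/aliases" <<'EOF'
# constructed sample: john@foo.com is read by the SSH login j1z3k5
postmaster: root
john: j1z3k5
backup: root
EOF
    audit_ssh_logins "$d/group" ssh_user "$d/aliases"
    rm -rf "$d"
}
```

On a real host, call audit_ssh_logins with /etc/group, the group named in AllowGroups and /etc/mail/aliases instead of running demo.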