
Re: Continuous brute force attempt from own server !!! (OT question)

On Sun, Jul 28, 2013 at 10:12 PM, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
On Sat, 27 Jul 2013, Paul E Condon wrote:
> I intended the question to be answered in the context of the post by
> Henrique de Moraes Holschuh, where 'across security domains' is
> considered less desirable than 'across hosts'. I know what hosts are
> when writing computer stuff, but, come to think about it what does it
> mean to rotate keys? Is the idea that a particular key string is to be

Switching to a new one and disposing of the older one is, for whatever
reason, usually called "rotating the keys".

Probably because of perceived similarities to rotating logs?
 
> reused on some host after it has been removed from service on some
> other host? I had thought that it was best to never use a retired key
> string again - but security is tricky - maybe there might be some

You're correct.  It is best to dispose of old keys, and never reuse them.

> point in using old strings as the keys on some (unmentioned) honey pot
> servers.

You could do that, but there might be risks associated with that (or not).

Actually, if you are running a network which needs to assume regular penetration (such as the banking internets and banks' intranets), honeypots of various kinds should be part of the network. Tripwire techniques. And the old keys folded into certain honeypots (flypaper servers), which would flag their use as indicating a potential source of privilege leak.

But you have to be very careful, because you are not putting the keys out to be discovered.
 
--
Joel Rees
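One way to implement the flagging Joel describes, as an added example that is not part of this thread and not a Debian or OpenSSH tool: keep the fingerprints of rotated-out keys in a watch list, scan sshd's authentication log for any use of them, and, on the flypaper host that still accepts such a key, pin it to a forced command with every other capability disabled so that a login with it can do nothing except raise an alert. The fingerprints, log lines and the `/usr/local/sbin/flag-leak` path are constructed for illustration; the log format assumed is OpenSSH's default "Accepted publickey" line and the "Failed publickey" line it emits at LogLevel VERBOSE.

```python
"""Flag use of retired SSH keys (example code, not from the original thread)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed for this example: fingerprints of keys that were rotated out.
# A retired key must never authenticate anywhere except the flypaper host
# that exists to catch it, so any sighting is a potential privilege leak.
RETIRED_KEYS: Dict[str, str] = {
    "SHA256:4f3b8mE0v0Wq7Z3rJmK1dQ2c9XeM0nLpT6yUaBcDeFg": "deploy@build01, rotated out 2013-06-30",
    "SHA256:Kp2mZ9xR0sTuVwXyZ1aBcDeFgHiJkLmNoPqRsTuVwXy": "backup@db02, rotated out 2013-05-15",
}

# OpenSSH logs "Accepted publickey ..." by default and "Failed publickey ..."
# at LogLevel VERBOSE; both carry the key type and the SHA256 fingerprint.
SSHD_PUBKEY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: (?P<ktype>\S+) (?P<fp>SHA256:\S+)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    source_ip: str
    fingerprint: str
    accepted: bool   # True if sshd let the session in (the flypaper case)
    note: str        # where the key came from, from the watch list


def scan_sshd_log(lines: Iterable[str],
                  retired: Dict[str, str] = RETIRED_KEYS) -> List[Alert]:
    """Return one Alert per log line that used a retired key, accepted or not."""
    alerts: List[Alert] = []
    for line in lines:
        m = SSHD_PUBKEY_RE.match(line.rstrip("\n"))
        if not m:
            continue                      # password auth, disconnects, etc.
        fp = m.group("fp")
        if fp not in retired:
            continue                      # a live key: normal traffic
        alerts.append(Alert(
            timestamp=m.group("ts"), host=m.group("host"), user=m.group("user"),
            source_ip=m.group("ip"), fingerprint=fp,
            accepted=(m.group("result") == "Accepted"), note=retired[fp],
        ))
    return alerts


def flypaper_authorized_key(pubkey_line: str, alert_command: str) -> str:
    """Build an authorized_keys entry that accepts a retired key only to run
    alert_command, with shell, forwarding and X11 all refused.  This is how the
    key is "folded into" the flypaper host without handing out any real access."""
    parts = pubkey_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(("ssh-", "ecdsa-", "sk-")):
        raise ValueError("expected '<type> <base64> [comment]'")
    options = ",".join([
        f'command="{alert_command}"',
        "no-pty", "no-port-forwarding", "no-agent-forwarding", "no-X11-forwarding",
    ])
    return f"{options} {pubkey_line.strip()}"


# Constructed sample log: one accepted retired key (on the flypaper host), one
# normal login with a live key, one refused retired key, one password attempt.
SAMPLE_LOG = [
    "Jul 28 22:10:01 flypaper01 sshd[2311]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2: RSA SHA256:4f3b8mE0v0Wq7Z3rJmK1dQ2c9XeM0nLpT6yUaBcDeFg",
    "Jul 28 22:10:09 web03 sshd[4120]: Accepted publickey for admin from 10.0.0.9 port 40022 ssh2: ED25519 SHA256:LiveKeyLiveKeyLiveKeyLiveKeyLiveKeyLiveKeyL",
    "Jul 28 22:11:44 db02 sshd[977]: Failed publickey for root from 10.0.0.7 port 4001 ssh2: RSA SHA256:Kp2mZ9xR0sTuVwXyZ1aBcDeFgHiJkLmNoPqRsTuVwXy",
    "Jul 28 22:12:00 db02 sshd[978]: Failed password for root from 10.0.0.7 port 4002 ssh2",
]

if __name__ == "__main__":
    for a in scan_sshd_log(SAMPLE_LOG):
        state = "ACCEPTED on flypaper" if a.accepted else "refused"
        print(f"{a.timestamp} {a.host}: retired key ({a.note}) used by {a.user} "
              f"from {a.source_ip}, {state}")
    print(flypaper_authorized_key("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample deploy@build01",
                                  "/usr/local/sbin/flag-leak"))
```

Both halves matter: the forced-command entry is what keeps the flypaper safe to run, since a leaked key that is accepted there still cannot open a shell or a tunnel, and the log scan catches the case the thread worries about most, a retired key turning up on a host that should never have seen it, whether or not the attempt succeeded.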
