
Re: Have I been hacked?



On Fri 09 Jan 2015 at 10:41:02 -0500, Jerry Stuckle wrote:

> On 1/8/2015 3:02 PM, Brian wrote:
> > 
> > If you have resorted to using iptables you have lost it. A standard
> > Debian install doesn't need it.
> 
> I disagree.  iptables is a great tool for blocking unwanted connections.
> 
> What do you have against it?

I have nothing against it and, in fact, agree with you. I'll enlarge on
my sketchy remarks.

The OP installs Debian with (say) Gnome. There are no listening services
so there is no need to block any connections. If it happened that sshd
was installed at the same time (or later) the use of ssh keys or a very
strong password for authentication is sufficient to protect the service.

However, there can be a big annoyance factor when attempts to log on to the
server take place. Software like fail2ban (which uses iptables) can be
some comfort here and will at least reduce the noise in auth.log. Last
year this machine saw about 4000 such random connections. I don't know
how typical that is but none of them caused me to lose any sleep.

Iptables can do a great job blocking unwanted connections. If someone
wants to use it as a way of obtaining peace of mind, that's fine. But
it doesn't add one iota of security to a well-set-up and well-managed
sshd.

With more services running the need is to understand their different
security needs. Substituting the use of iptables for understanding isn't
(IMO) something that needs to be top of the list.
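
The auth.log noise mentioned above can be measured per source address. The following is an added example, not part of the original post: the log lines are constructed, the year is assumed, and the `maxretry`/`findtime` values are picked for illustration and named after the fail2ban settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Jan  9 10:41:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan  9 10:41:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan  9 10:41:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jan  9 10:45:00 host sshd[1210]: Accepted publickey for brian from 192.0.2.10 port 40022 ssh2
Jan  9 11:02:17 host sshd[1250]: Failed password for invalid user test from 198.51.100.7 port 33010 ssh2
Jan  9 13:30:41 host sshd[1302]: Failed password for invalid user test from 198.51.100.7 port 33544 ssh2
"""

# Greedy (.*) plus the end anchor: the source is always the last "from ... port"
# on the line, so text inside a logged user name cannot supply the address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def failed_logins(text, year=2015):
    """Yield (time, user, source) per failed attempt; syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the "Jan  9" padding
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            yield when, m.group(2), m.group(3)

def summarize(text, maxretry=3, findtime=600):
    """Return ({source: failures}, {sources with maxretry failures inside findtime seconds})."""
    totals, recent, over = defaultdict(int), defaultdict(deque), set()
    window = timedelta(seconds=findtime)
    for when, _user, source in failed_logins(text):
        totals[source] += 1
        q = recent[source]
        q.append(when)
        while when - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= maxretry:
            over.add(source)
    return dict(totals), over

if __name__ == "__main__":
    totals, over = summarize(SAMPLE_LOG)
    for source, count in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{source:15} {count:4} {'over threshold' if source in over else ''}")
```

Successful key-based logins are ignored, and two failures hours apart from one address stay under the threshold.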

