On Monday 29 July 2002 10:56 pm, David Guntner wrote:
> I agree with you that security through obscurity is no security at all.
> However, adding obscurity as a layer on top of existing security certainly
> doesn't hurt anything. :-)

Indeed, if someone were doing a bulk scan of IP address blocks, wouldn't they most likely "miss" services on non-standard ports? If they are specifically targeting your address, aren't there ways of slowing them down?

Here's a thought, how about a few random bogus services? Something that looks like an ssh login, but _always_ fails--AND throws up a big warning message (to the console or some such) for good measure? Or maybe automatically blocks that IP address for good? Actually, if you're going to do the latter, it could be something as simple as a listening socket that blocks any IP address that attempts to connect to it... (Personally I'd get more satisfaction out of wasting the hacker's time with a bogus login prompt, but that's just me... :)

Finally, David, have you considered the possibility that the security breach actually came from your Windoze :) box? If you picked up a trojan keystroke watcher, and you log in from that box, then someone's got your password...

On the plus side, if I'm reading the Snort docs correctly, once you have that installed, it will watch for any strange activity on your local network, not just targeted at your Linux box. (So, if e.g. your Windows PC starts broadcasting BackOrifice messages you'll know it...)

-Jason

=========================
"In a word -- im-possible!"
"That's two words," said Dibbler.
(Moving Pictures)
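
The "listening socket that blocks any IP address that attempts to connect to it" idea from the message above, as an added example that is not part of the original post. The class name `Tripwire`, port 2222, the decoy banner and the allowlist are assumptions; the allowlist keeps your own addresses from being blocked, and the firewall rule is only printed, not executed.

```python
import ipaddress
import socket
import threading

BANNER = b"SSH-2.0-OpenSSH\r\n"  # constructed decoy banner; no real service behind it


class Tripwire:
    """Decoy listener: any peer that completes a TCP connect is flagged."""

    def __init__(self, host="0.0.0.0", port=2222, allow=("127.0.0.0/8",)):
        self.allow = [ipaddress.ip_network(n) for n in allow]  # never block these
        self.blocked = set()                                   # IPs flagged so far
        self.lock = threading.Lock()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]  # actual port (useful when port=0)

    def is_allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def flag(self, ip):
        """Return True if ip was newly added to the blocklist."""
        if self.is_allowed(ip):
            return False
        with self.lock:
            if ip in self.blocked:
                return False
            self.blocked.add(ip)
        # Print the rule an operator (or a wrapper script) would apply.
        print(f"WARNING: tripwire hit from {ip}; rule: iptables -I INPUT -s {ip} -j DROP")
        return True

    def serve_once(self):
        """Accept one connection, flag the peer, send the decoy banner, close."""
        conn, (ip, _port) = self.sock.accept()
        with conn:
            newly = self.flag(ip)
            conn.sendall(BANNER)
        return ip, newly


if __name__ == "__main__":
    tw = Tripwire()
    while True:
        tw.serve_once()
```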
