[lug] Attacks Intensifying

Daniel Webb lists at danielwebb.us
Thu Oct 28 14:22:30 MDT 2004


On Thu, Oct 28, 2004 at 01:06:44PM -0600, Lee Woodworth wrote:

> Unless you have the requirement that users can SSH from anywhere, 
> blocking attackers is opposite of recommended security policy:
>    specifically allow known sources, deny all others.
> 
> My file exchange server requires users to have keys, no passwords 
> allowed. It looks to me that the time I spent setting up user keys and 
> allowing their addresses is less than the time you are going to spend on 
> blocking attackers.

I like to be able to log in from anywhere, even though it is less safe.  My
reason for creating the system was actually just to keep the logs from
annoying me so much and out of curiousity as to how many IPs are actually
attacking me.  I could have accomplished the same thing with some fancier log
filter, but this was just the first thing I though of and it didn't take too
long.  If someone can brute-force my password using a remote login interface,
I've got bigger problems than my access policy.

There's a continuum between convience and security, my acceptable risk is
just higher than yours.  I like the convenience of being able to log in from
anywhere.

Daniel



More information about the LUG mailing list