[ale] ssh remote root exploit :-(

Jonathan Rickman jonathan at xcorps.net
Wed Jun 26 09:21:04 EDT 2002


On Tue, 25 Jun 2002, Jim Popovitch wrote:

> One thing everyone can do is to move the ssh port to some arbitrary port
> number.  Anyone who wants to sweep for ssh vulnerabilities will have their
> hands full for a while looking for machines on port 22.
>
> Here's how you do it...
>
> edit /etc/ssh/sshd_config and change the port line from 22 to a number not
> referenced in /etc/services.  I would suggest something greater than 30,000
> and less than 65,535.
>
> Next restart sshd by running /etc/init.d/ssh restart or /etc/rc.d/init.d/ssh
> restart (depending on your distro it may be init.d/sshd or init.d/ssh).
>
> The test it out by ssh'ing to the new port:
>
>    ssh -p 30303 localhost

I'll second that. Security through obscurity has been said to be no
security, but under some circumstances, it sure is better than the
alternative. I've been running alot of stuff on non-standard ports for a
long time now. If it doesn't need to be readily accesible to the public, I
run it on an off the wall port number. This can buy you some time between
the release of a bug and the patch. It also can help to avoid the dreaded
"0-day" exploit.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list