break-in attempt in my machine
Karl Auer
kauer at biplane.com.au
Tue Aug 30 04:33:38 UTC 2016
On Tue, 2016-08-30 at 13:07 +0900, Joel Rees wrote:
> And my thought there was that skript kiddies are no longer the only
> people we should worry about.

Here's a lesson learned from a zillion hours of training people: Don't
try to do everything at once.

The OP had a specific problem, recognisable as script kiddy attacks. My
response addressed that, and anyone following through on the first few
of my suggestions will have a robust system, which will see very few
script kiddy attacks if any, and those they do see will not succeed.

They will have a robust system; not an impervious one.

> It's a good list to get started, but we should really be encouraging
> users to understand what logging in means, how it is done, how these
> attacks use our computers against us, and so forth.

Well, you go do that. But please don't do it by muddying the waters
around what was a simple problem with easy-to-implement solutions.

When someone wants to learn how to make toast, you don't immediately
try to sell them a fully kitted-out professional kitchen and start
telling them how vitally important it is to understand everything about
the use and abuse of automated chrome-plated fuel-injected turnip-
twaddlers.

> A quick browse through /etc/services is amusing.

Pick a random port number >1024 and the chances are very good that it
will be a port number you can use. Simple advice, easily followed.
Unlike "do a thousand hours of research to locate the optimally suited
set of port numbers".

> Well, if you can afford to go all-IPv6 now, I think you've just told
> the attackers you have something interesting in your network.

What? Who said "all-IPv6"? If you can access your network via IPv6, as
an increasing proportion of the civilised world can, then turning off
IPv4 access to ssh is a simple and VERY effective way to stop script
kiddies (and a pretty large number of other attacks, too). So far,
anyway.

Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
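
An added example, not part of the message above: a small check of an sshd_config against the two suggestions discussed in it (an ssh port above 1024 that is not already listed in /etc/services, and no ssh listener on IPv4). The function names and the sample inputs are constructed for illustration; `Port`, `AddressFamily` and `ListenAddress` are the sshd_config keywords it reads.

```python
import re

# Constructed sample inputs, not taken from any real host.
SERVICES = "ssh 22/tcp\nmysql 3306/tcp\nhttp-alt 8080/tcp webcache\n"
SSHD_CONFIG = ("# constructed example\nPort 8080\n#AddressFamily inet6\n"
               "ListenAddress 0.0.0.0\nListenAddress ::\n")

def registered_tcp_ports(services_text):
    """Map TCP port number -> service name from /etc/services-style text."""
    ports = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            ports.setdefault(int(fields[1][:-4]), fields[0])
    return ports

def audit(sshd_text, services_text):
    """Findings for the ssh port choice and IPv4 exposure of an sshd_config."""
    ports, family, listen = [], None, []
    for raw in sshd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1) + [""]
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":      # global settings end at the first Match block
            break
        if key == "port":       # Port may appear several times
            ports.append(int(value))
        elif key == "addressfamily" and family is None:  # first value wins
            family = value.lower()
        elif key == "listenaddress" and value:
            listen.append(value.split()[0])
    known = registered_tcp_ports(services_text)
    findings = []
    for p in ports or [22]:     # sshd default when no Port line is present
        if p <= 1024:
            findings.append(f"port {p}: not above 1024")
        elif p in known:
            findings.append(f"port {p}: listed in services as {known[p]}")
    # An address with two or more colons is an IPv6 literal; hostnames are
    # treated as possibly IPv4.
    v6_listen = bool(listen) and all(a.count(":") >= 2 for a in listen)
    if family != "inet6" and not (family in (None, "any") and v6_listen):
        findings.append("ssh reachable over IPv4")
    return findings
```

On a real host the two arguments would be the contents of /etc/ssh/sshd_config and /etc/services; `Include` files are not followed.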