Forum OpenACS Development: Response to OT: Security Alert

Posted by Tom Jackson on

Jon,

Thanks for your advice on using portsentry and logcheck! I installed that the last time I got worried about ssh. Now I have moved ssh to a higher port, but probably it is time to replace it with a version that is invulnerable (at least for now).

One question on portsentry for those who might only want to rely on moving the port number around. I have configured portsentry to install a new ipchain to blackhole an attacker. This was supposed to be better than creating a route to a dead host, or a reject route. However, this method still allows the attacker to probe open ports, or so it seems, as I tried to connect twice to a closed port which activated the tripwire, but I was still able to connect to a webserver. If this is true, it seems that this option has much effect on an attacker looking for vulnerabilities.