[BlueOnyx:12284] Re: Kernel 0-day vulnerability + SSHd Spam Exploit (libkeyutils.so.1.9)

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Sun Feb 24 08:50:31 -05 2013


Hi Marcello,

On 2/24/2013 2:59 AM, Marcello Torchio wrote:
> Hi everybody,
>
> I'm following this thread.
>
> I'm running two different BO machines. 5108R based. These two boxes are
> behind a firewall.
>
> I've enabled SSH server on both of them, but I'm managing access to this
> service through TCP WRAPPERS so only specified IPs can connect to ssh
> server, otherwise the connection will be refused.
>
> Is it secure, or would it be better to set a rule on the firewall and manage
> IP-based access from there?

As we have discussed in this thread, tcp_wrappers (i.e., hosts.allow /
hosts.deny) will not provide any protection in this case.  For more
information, see [BlueOnyx:12271].

In addition, according to [BlueOnyx:12279], moving SSH to another port 
has no effect.

Therefore, if you have the ability to filter SSH, you should consider
doing so.  Or of course, you could choose to disable SSH altogether
using the GUI, and then enabling by exception as needed.  That may be a
good option for admins who do not have the ability to filter SSH traffic
at the network level.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
