Mailinglist Archive: opensuse-factory (626 mails)

[Volker Kuhlmann <list0570@xxxxxxxxxxxxxxx>]

On Sat 29 Mar 2008 06:10:43 NZDT +1300, Per Jessen wrote:

> > Erm, the same thing that is better not having any remote service
> > opened by default? The fact that it could have a vulnerability that
> > could lead to a successful attack? 
>
> Doesn't seem to have been much of a problem in the last few years, has
> it?  Also, ssh only becomes vulnerable to an attack when you open the
> port in the firewall.

This is the case Markus wants to protect against. People turn off the
firewall for their desktops because it blocks too much LAN functionality
by default (mostly broadcasts about available services, at a guess).
With the default setting of password-login and the weak passwords on
desktops sshd becomes a BIG HOLE(TM) very quickly, and nothing to do
with coding errors.

>  Even then there is probably still a rate-check
> to stop brute force attacks.

Not by default (though there should be), you'll have to go out of your
way to configure that. Someone who doesn't use sshd won't be doing that.

Volker

-- 
Volker Kuhlmann                 is list0570 with the domain in header
http://volker.dnsalias.net/     Please do not CC list postings to me.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx