Volker Kuhlmann wrote:
On Sat 29 Mar 2008 06:10:43 NZDT +1300, Per Jessen wrote:
Erm, the same thing that is better not having any remote service opened by default? The fact that it could have a vulnerability that could lead to a successful attack?
Doesn't seem to have been much of a problem in the last few years, has it? Also, ssh only becomes vulnerable to an attack when you open the port in the firewall.
This is the case Markus wants to protect against. People turn off the firewall for their desktops because it blocks too much LAN functionality by default (mostly broadcasts about available services, at a guess). With the default setting of password-login and the weak passwords on desktops sshd becomes a BIG HOLE(TM) very quickly, and nothing to do with coding errors.
I should think to improve the firewall then first. Every firewall can be set to use a LAN, just this one can not. Why don't you look at a 'real' firewall, like Norton's Sygate, to see how it is done? And as I stated in an earlier mail: when I disable the firewall during the install, ssh closes. Maybe you connect the same behaviour when a firewall gets disabled at any other time, and make this visible. Try it yourself and see.
Even then there is probably still a rate-check to stop brute force attacks.
Not by default (though there should be), you'll have to go out of your way to configure that. Someone who doesn't use sshd won't be doing that.
Volker
--
Enjoy your time around,
Oddball (Now or never...)

Operating system: Linux 2.6.25-rc5-git2-5-default x86_64
Current user: oddball@AMD64x2-sfn1
System: openSUSE 11.0 (x86_64) Alpha3
KDE: 4.00.66 (KDE 4.0.66 >= 20080313) "release 6.1"
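The rate-check on failed password logins discussed in this thread, sketched as an added example that is not part of the original messages or of any openSUSE tooling: a sliding-window counter over sshd "Failed password" log lines. The log lines, host name, user names, thresholds and the function name `brute_force_sources` are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Mar 29 06:00:00 desk sshd[2001]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Mar 29 06:02:00 desk sshd[2002]: Failed password for alice from 203.0.113.5 port 51001 ssh2
Mar 29 06:04:00 desk sshd[2003]: Failed password for alice from 203.0.113.5 port 51002 ssh2
Mar 29 06:06:00 desk sshd[2004]: Failed password for alice from 203.0.113.5 port 51003 ssh2
Mar 29 06:10:01 desk sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 29 06:10:03 desk sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 29 06:10:05 desk sshd[2103]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar 29 06:10:08 desk sshd[2104]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Mar 29 06:10:30 desk sshd[2105]: Accepted password for bob from 198.51.100.7 port 40100 ssh2
"""

# Timestamp and source address of each failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sFailed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+")

def brute_force_sources(log_text, max_failures=3, window_seconds=60, year=2008):
    """Return {ip: time of the failure that first exceeded max_failures
    within window_seconds}. Syslog omits the year, so it is passed in."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip} exceeded the failure limit at {when.isoformat()}")
```

With the default window the slow attempts from 203.0.113.5 (one every two minutes) stay under the limit, which is the trade-off any such threshold has to accept.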