Re: ports
Hi,
On Sun, 26 Apr 1998, Guy Cohen wrote:
> > Actually, when you find a login running on a nonstandard port, it means
> > the machine has been hacked. I know, it's not certain, but it's worth
> > mentioning.
> So not true,
I said it's not certain. It still warrants checking.
> I know a whole lot of people who changed the telnet port in the services
> file, just to prevent such attempts.
Then they are misguided. It's not really difficult to find out alternate
login ports running on a computer. There's a virtually infinite number of
utilities that check that. The _only_ way to prevent attacks is to block
telnet altogether, or use tcp-wrappers if you _must_ use telnet.
Anyway, it might be true that a lot of people _do_ move the telnet port -
but almost the first thing _any_ hacker gaining root-access to a system
will do is either _completely_ replace /bin/login, and/or have their own
login running on some secret port.
Bye,
-Yaron.
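
The check discussed in this message, as an added example that is not part of the original post: a Python audit of /etc/services and /etc/inetd.conf text that reports login daemons served on a nonstandard port or not started through tcpd (tcp-wrappers). The sample file contents, the "maint" service and the function names are constructed for illustration.

```python
import os
# Ports these login daemons normally listen on (IANA: telnet 23, rlogin 513).
STANDARD = {"in.telnetd": 23, "telnetd": 23, "in.rlogind": 513, "rlogind": 513}

def parse_services(text):
    """Map (name, proto) -> port from /etc/services-style text, aliases included."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            ports[(name, proto)] = int(port)
    return ports

def audit_inetd(inetd_text, services_text):
    """Return findings for login daemons on nonstandard ports or without tcpd."""
    ports, findings = parse_services(services_text), []
    for line in inetd_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 6:  # blank, commented out, or incomplete entry
            continue
        service, proto, server = f[0], f[2], os.path.basename(f[5])
        wrapped = server == "tcpd"
        # Behind tcpd the real daemon is the first argument, not the server path.
        daemon = os.path.basename(f[6]) if wrapped and len(f) > 6 else server
        if daemon not in STANDARD:
            continue
        port = int(service) if service.isdigit() else ports.get((service, proto))
        if port != STANDARD[daemon]:
            findings.append((daemon, port, "nonstandard port"))
        if not wrapped:
            findings.append((daemon, port, "not behind tcpd"))
    return findings

# Constructed sample files, not taken from any real host.
SERVICES = """\
telnet   2323/tcp            # moved from 23
login    513/tcp
maint    31000/tcp  backup   # unfamiliar entry
"""
INETD = """\
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
login  stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
maint  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
"""
for finding in audit_inetd(INETD, SERVICES):
    print(finding)
```

A finding here is a prompt to look closer, not proof of compromise, and the audit reads configuration only: a replaced /bin/login or a listener started outside inetd will not show up in it.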