[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ports



  Hi,

On Sun, 26 Apr 1998, Guy Cohen wrote:

> > Actually, when you find a login running on a nonstandard port, it means
> > the machine has been hacked. I know, it's not certain, but it's worth
> > mentioning.
> So not true,

I said it's not certain. It still wararnts checking.

> i know a hole lot of ppl , that changed the telnet port at the services
> file, just to prevents such attempts.

Then they are muisguided. It's not really difficult to find out alternate
login ports running on a computer. There's a virtually infinite number of
utilities that check that. The _only_ way to prevent attacks is to block
telnet alltogether, or use tcp-wrappers if you _must_ use telnet.

Anyway, it might be true that a lot of people _do_ move the telnet port -
but almost the first thing _any_ hacker gaining root-access to a system
will do is either _completely_ replace /bin/login, and/or have their own
login running on some secret port. 

			Bye,

				-Yaron.