DanielPremium,MVM join:2000-06-26 San Francisco, CA 4 edits
said by Name Game: Rambling on..not caring how gentle the OP feels the need to be as he once again shows up promoting his blog..and now with warnings no less.. and personal ones at best.
I'm promoting all right -- promoting conversation here in this forum. Trust me, the benefit I get from visitors from here hitting my site is virtually nil. I really don't need the 11 cents a year. I post the original link because it usually is written differently than I write the post here (it's usually longer), and some might like to read that one too. Nice try, though.
said by Name Game: Logs are fun to look at..but they do not indicate a compromise unless you let 'them' in the door.
Wow. Thanks for that deep contribution to the discipline of log analysis.
said by Name Game: I have no idea what layered security you do have on your system..but I do not consider moving a common port as a 'layer' of Security.
Ah, well at least we've now identified the problem.
said by Name Game: An exploit is not a compromise...unless you ARE vulnerable.
I see. And how about if the exploit is sent to the wrong f**king port?
said by Name Game: BTW..have you convinced the world to use port knocking yet ??
Why would I have to convince the world to do that? There's a whole portknocking project for that. Besides, I'm more of an SPA guy myself.
The point of both of those technologies is the same, though -- an additional layer. They're much stronger in my opinion than just moving your listener to another port, but they're ultimately the same. They result in fewer connections to your daemon by attackers, which lowers your overall risk.
-- dmiessler.com -- grep understanding knowledge