It's probably a n00b question and I don't even realise it... but I'm still gonna ask...
I run a bunch of servers, all of them linux (and i'm pretty rusty with linux.. so that's a good start!!!).
...and I've noticed looking through logs that there have been a lot.. and I mean a LOT of attempts to SSH in with invalid credentials. Dictionary attacks, bruteforce, you name it. But... nobody bothers with telnet, even though it's open.
Anyone know why the hackers/botnets/dickheads/etc. are aiming for SSH and ignoring telnet?
Is it indicative of me having a vulnerable SSH service? (I remember before closing it, seeing something about OpenSSH being a vulnerability)... any ideas?
||| = + |-|---------No longer lurking...
m e t h o d-----...Target aquired: BREIN
I'm guessing since so many people disable telnet, bots and whatnot don't even bother. Probably better odds of finding an SSH with default password.
I'd use SSH over Telnet, personally, so I'm suprised you use telnet...
My security guide @ Zeropaid
Unless you are the following people, I do not particularly wish to associate with you:
Krell, HelenaP, mountain_rage, mfgbypooter, Mels_Smileys45, excrement_cranium.
That's it for now. This list will be updated whenever I feel like it.
I'm sure you can set up a program to log the activities taken by those who log in using SSH on your box, do that and see if anyone breaks it, if so, then worry.
As for telnet, disable it ASAP.
How's about them apples?
Yep, I'd second that Malakai1911 and FrozenShadow23 - as for disabling telnet, the only reason should should ever use it is if you're on a private network and there's no chance of anyone ever sniffing packets (since SSH is encrypted, it adds overhead, so if there's no risk of packet sniffing, it'll probably work better to just use telnet)
Also, make sure that you keep your SSH server up-to-date with the latest security fixes (but, I figure you already knew that :) )
Posting Permissions
Reply With Quote
Bookmarks