Filtrar SSh por MAC
Morenisco
morenisco en noc-root.net
Mar Oct 7 17:12:47 CLT 2008
On Tue, October 7, 2008 2:21 pm, Aldrin Martoq wrote:
[...]
> Ahora, para que necesitas filtrar ssh? se supone que es bastante seguro,
> si sufres de paranoia, cambiarlo de puerto seria mas efectivo.
Naah, no es mas efectivo, por ejemplo, cambie el puerto de ssh al 222:
Nota: cambie la IP real por $IP
1) Escaneo basico:
growing:/etc/ssh# nmap $IP
Starting Nmap 4.62 ( http://nmap.org ) at 2008-10-07 17:03 CLT
Interesting ports on dhcp-santiago2-4fl-loc-10-153-250.cl.oracle.com
(10.157.153.250):
Not shown: 1708 closed ports
PORT STATE SERVICE
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
222/tcp open rsh-spx
902/tcp open iss-realsecure
3128/tcp open squid-http
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.313 seconds
--> Algo con remote shell esta siendo indicado en el puerto 222.
2) Le hacemos un telnet al puerto 222:
growing:/etc/ssh# telnet $IP
Trying 10.157.153.250...
Connected to 10.157.153.250.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian-2
^C^C^C^C^C^C^C
Connection closed by foreign host.
--> Sale al toke, es SSH...
3) Vamos a pedir mas info del puerto:
growing:/etc/ssh# nmap 10.157.153.250 -p 222 -v -sV
Starting Nmap 4.62 ( http://nmap.org ) at 2008-10-07 17:04 CLT
Initiating Parallel DNS resolution of 1 host. at 17:04
Completed Parallel DNS resolution of 1 host. at 17:04, 0.20s elapsed
Initiating SYN Stealth Scan at 17:04
Scanning XXX ($IP) [1 port]
Discovered open port 222/tcp on $IP
Completed SYN Stealth Scan at 17:04, 0.01s elapsed (1 total ports)
Initiating Service scan at 17:04
Scanning 1 service on XXX ($IP)
Completed Service scan at 17:04, 6.00s elapsed (1 service on 1 host)
SCRIPT ENGINE: Initiating script scanning.
Host XXX ($IP) appears to be up ... good.
Interesting ports on XXX ($IP):
PORT STATE SERVICE VERSION
222/tcp open ssh (protocol 2.0)
1 service unrecognized despite returning data. If you know the
service/version, please submit the following fingerprint at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port222-TCP:V=4.62%I=7%D=10/7%Time=48EBCEDE%P=i686-pc-linux-gnu%r(NULL,
SF:20,"SSH-2\.0-OpenSSH_5\.1p1\x20Debian-2\r\n");
Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.290 seconds
Raw packets sent: 1 (44B) | Rcvd: 2 (88B)
Intentar proteger los servicios via esconderlos no sirve, y se le denomina
"seciruty by obscurity".
Saludos.
--
Morenisco.
Centro de Difusión del Software Libre.
http://www.cdsl.cl
Blog: http://morenisco.belvil.eu
Más información sobre la lista de distribución Linux