[CentOS] Linux malware attack

Fri Mar 28 14:50:59 UTC 2014
Warren Young <warren at etr-usa.com>

On 3/25/2014 10:38, Les Mikesell wrote:
> On Fri, Mar 21, 2014 at 4:18 PM,  <m.roth at 5-cent.us> wrote:
>>>
>>> #5 (non-standard port) is very useful.
>>
>> Huh! That's the *only* rationale I've ever heard for security through
>> obscurity that actually makes sense.
>
> It's all obscurity even if you think you can call it something else.

The original term of art has gotten stretched out of its original shape.

"Security through obscurity" originally referred only to practices 
intended to confer security purely through obscurity.  As soon as you 
learn the secret, the security is gone.

Security practitioners started beating "security through obscurity is 
bad" into people's heads, until now people have this knee-jerk reaction 
to *any* obscurity, as though obscurity is bad in and of itself.

Moving Telnet to port 2323 is security through obscurity.  Moving SSH to 
port 2222 is defense in depth, because you still have security after an 
attacker penetrates the obscuration layer.

For another example, think about network switches.  They prevent trivial 
snooping on your neighbor's traffic.  ARP poisoning can defeat this 
security-through-obscurity, but that's no reason for us to all go back 
to dumb hubs.  To the extent that it confers security at all, switched 
Ethernet is one layer in a good layered defense incorporating switches 
*and* subnets *and* VLANs *and* encrypted tunnels.

Still another example: ASLR.  ASLR doesn't prevent buffer overflow 
attacks, it just makes them a lot harder to craft.