Re: SSH Cracking Attempts

From: Jon Dowland (dowland_at_gmail.com)
Date: 09/30/04

    Date: Thu, 30 Sep 2004 12:15:45 +0100
    To: Debian List <debian-user@lists.debian.org>
    
    

    On Wed, 29 Sep 2004 16:08:53 -0500, Jacob S <stormspotter@6texans.net> wrote:
    > On Wed, 29 Sep 2004 21:55:59 +0200
    > Matthijs <vanaalten@hotmail.com> wrote:
    >
    > > In the Dutch computer magazine C't, I read an article a few months ago
    > > about protecting your computer using a port knocking system. If I
    > > remember correctly, you can close a port (your SSH port, for example)
    > > and only open it when a pre-defined pattern of access attempts on a
    > > pre-defined port (unused for applications) is applied. The SSH port
    > > can then be set to open in your firewall, perhaps only for the
    > > IP-address that performed the knocking sequence.
    >
    > hmm... You're right, it's not what I'm looking for, but it still sounds
    > like a good concept. I'd be interested in learning more about that, if
    > not for this use with ssh, I have a couple other applications it could
    > work with on servers.

    Quick pro-cons: pro: if a remote root exploit for ssh is found, you
    aren't vulnerable unless the attacker knows your port-knocking code.
    pro-ish: a portscan doesn't show an ssh service running (which you
    might like). cons: you need to have software which supports port
    knocking to open up the port, which you may not have to hand in say
    e.g. a friend's house, an internet cafe. con: depending on
    implementation, you might be vulnerable to exploits in the
    port-knocking daemon (so a tradeoff with the first pro).

    -- 
    Jon Dowland
    dowland@gmail.com
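
The mechanism described in this thread (a closed SSH port that opens only for the IP address that performed the knock sequence), as an added example that is not part of the original messages: a per-source knock tracker replayed over constructed firewall log lines. The knock ports, the 10-second window and the log format are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # constructed: closed, otherwise unused ports
KNOCK_WINDOW = 10.0                  # assumed: seconds allowed for the whole sequence
PROTECTED_PORT = 22

# Constructed firewall log: "<seconds> <source IP> <destination port>"
SAMPLE_LOG = """\
0.0 198.51.100.7 22
1.0 198.51.100.7 7000
1.5 198.51.100.7 8000
2.0 198.51.100.7 9000
3.0 198.51.100.7 22
4.0 203.0.113.9 7000
4.1 203.0.113.9 7001
4.2 203.0.113.9 8000
4.3 203.0.113.9 9000
5.0 203.0.113.9 22
"""

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src -> (knocks matched, start time)
    allowed: set = field(default_factory=set)     # sources the firewall would open 22 for

    def observe(self, ts, src, port):
        """Record one hit on a closed port; return True when src completes the knock."""
        idx, started = self.progress.pop(src, (0, ts))
        if ts - started > KNOCK_WINDOW or port != KNOCK_SEQUENCE[idx]:
            idx, started = 0, ts       # too slow or wrong port: start over
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1                   # a resetting hit may itself be knock one
        if idx == len(KNOCK_SEQUENCE):
            self.allowed.add(src)
            return True
        if idx:
            self.progress[src] = (idx, started)
        return False

def replay(log, tracker=None):
    """Return the verdict for each connection to PROTECTED_PORT, in log order."""
    tracker = tracker if tracker is not None else KnockTracker()
    verdicts = []
    for line in log.splitlines():
        ts, src, port = line.split()
        if int(port) == PROTECTED_PORT:
            verdicts.append((src, "ACCEPT" if src in tracker.allowed else "DROP"))
        else:
            tracker.observe(float(ts), src, int(port))
    return verdicts
```

The second source in the sample touches every knock port but breaks the order with a hit on 7001, so port 22 stays closed for it.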