Re: comments about outgoing SSH blocking



Allen Kistler wrote:
H.S. wrote:
... the guy responsible for firewall has blocked all outgoing
SSH connections. Their claim is that this prevents anybody from trying
to hack into remote systems. I have never heard any such thing before,
since if anybody tried to do so, the SSH attempts would leave a trail.
If they blocked telnet, I would understand. But SSH? Does this policy
make sense? Or am I missing something here?

[snip]

You're missing something.

telnet leaves as much, or as little, a trail as ssh.

If you run an ssh server on the Internet, you quickly learn that there
are loads of dictionary-based, script-kiddie tools to try to break in
to ssh servers.

ssh can be secured better than telnet through better authentication
(public key), but most sites just run ssh like it's encrypted telnet.
Run that way, ssh is no better than telnet for defending against brute
force attacks against passwords.

Hmm ... here at my university we have no such restrictions. I do not
recall anyone being reported for abusing ssh. Come to think of this, I
do not know of any academic institution, except the one I mentioned
earlier, that does this.

The dictionary attacks are pretty common. I give you that. But shutting
off outgoing ssh just because of them en masse doesn't look reasonable to me.

Could I not exploit port 80 for vulnerabilities? I am sure one can find
poorly set up and maintained servers. By the above token, access to port
80 should also be stopped.

Or perhaps port 80 is not as easily exploitable as is port 22 for a script
kiddie or even a serious cracker?

->HS





