Re: comments about outgoing SSH blocking



Allen Kistler wrote:
H.S. wrote:
... the guy responsible for firewall has blocked all outgoing
SSH connections. Their claim is that this prevents anybody from trying
to hack into remote systems. I have never heard any such thing before,
since if anybody tried to do so, the SSH attempts would leave a trail.
If they blocked telnet, I would understand. But SSH? Does this policy
make sense? Or am I missing something here?

[snip]

You're missing something.

telnet leaves as much, or as little, a trail as ssh.

If you run an ssh server on the Internet, you quickly learn that there
are loads of dictionary-based, script-kiddie tools to try to break in
to ssh servers.

ssh can be secured better than telnet through better authentication
(public key), but most sites just run ssh like it's encrypted telnet.
Run that way, ssh is no better than telnet for defending against brute
force attacks against passwords.

Hmm ... here at my university we have no such restrictions. I do not
recall anyone being reported for abusing ssh. Come to think of this, I
do not know of any academic institution, except the one I mentioned
earlier, that does this.

The dictionary attacks are pretty common. I give you that. But shutting
off outgoing ssh just because of them en masse doesn't look reasonable to me.

Could I not exploit port 80 for vulnerabilities? I am sure one can find
poorly set up and maintained servers. By the above token, access to port
80 should also be stopped.

Or perhaps port 80 is not as easily exploitable as port 22 is for a script
kiddie or even a serious cracker?

->HS
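
The dictionary attacks discussed in this thread appear in an sshd log as many failed passwords for many user names from one source. The following is an added example, not part of either poster's message: it flags such sources and lists logins that still succeeded with a password rather than a public key. The log lines are constructed samples in OpenSSH's syslog format, and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Jan 10 03:14:05 host sshd[2105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Jan 10 03:14:07 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 40140 ssh2
Jan 10 03:14:09 host sshd[2109]: Failed password for invalid user guest from 203.0.113.5 port 40152 ssh2
Jan 10 09:30:00 host sshd[3001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 09:30:12 host sshd[3001]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 10:02:44 host sshd[3050]: Accepted publickey for bob from 192.0.2.9 port 52222 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def summarize(log_text, min_failures=5, min_users=3):
    """Return (dictionary_sources, password_logins) for an sshd log.

    A source counts as dictionary-style guessing when it has at least
    min_failures failed passwords spread over at least min_users names.
    Both thresholds are assumed values; tune them for the site.
    """
    failures = defaultdict(list)   # source IP -> user names tried
    password_logins = []           # (user, source) accepted via password
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)].append(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) == "password":
            password_logins.append((m.group(2), m.group(3)))
    dictionary_sources = {
        src: sorted(set(users))
        for src, users in failures.items()
        if len(users) >= min_failures and len(set(users)) >= min_users
    }
    return dictionary_sources, password_logins


if __name__ == "__main__":
    sources, pw_logins = summarize(SAMPLE_LOG)
    for src, users in sources.items():
        print(f"dictionary-style guessing from {src}: tried {', '.join(users)}")
    for user, src in pw_logins:
        print(f"password login (no public key): {user} from {src}")
```

A single mistyped password, like the one for alice in the sample, stays below both thresholds and is not flagged as a guessing source.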





