Re: [?] DYNDNS host vulnerability

Fr@nk Stef@ni wrote:
Hello all,

it's convenient to use a DYNDNS domain name like myhost.dyndns.org.
I guess, though, that the host myhost.dyndns.org would be much
more vulnerable as for crackers there is no need to watch out
for a dynamic IP that changes every day (at least in Germany).

Background: Every now and then I do some administration on a
server of a friend via

name@xxxxxxxxxxx

It would be nice to do this instead via

name@xxxxxxxxxxxxxxxxxxxxxxx

so there would be no need to let me know which dynamic IP his
router currently uses. This is what DYNDNS is supposed to do.
Nevertheless, if a cracker tries to crack into a host, he
would be happy not to care for dynamic IPs. Rather he would
be happy to rework on "friends_host.dyndns.org" without
caring for IP changes.

Am I correct or did I miss something?

If I were correct, weak login names and passwords would
be no problem, even with ssh - right?

Thanks and regards,
Frank

What you're doing here is relying on security through obscurity - the
obscurity being that an attacker would be unable to follow your changing
IP from one day to the next, and hoping that he's unable to break in
during the 24hour timeframe until your IP changes.

Are you sure your IP will change once a day? Is it a policy set by the
ISP? It may change, if you're relying on a variable IP and it suddenly
becomes more or less static how long before you find out?

(My IP address is theoretically dynamic, but reading the documentation
available from my ISP it appears that the IP address is linked to my
router, I've had the same IP address for over six months now.)

Make sure your passwords are strong and your software is up to date,
monitor your log files. If your friend only needs to allow access now
and again it may be better to only run the ssh daemon when you need
access - a quick phone call to get him/her to start the ssh server.

--
Andy Ruddock
------------
andy_DOT_ruddock_AT_gmail_DOT_com (GPG Key ID 0x74F41E8F)
.

Relevant Pages

  • Re: [?] DYNDNS host vulnerability
    ... it's convenient to use a DYNDNS domain name like myhost.dyndns.org. ... if a cracker tries to crack into a host, he would be happy not to care ... and again it may be better to only run the ssh daemon when you need ... My eyes opened up wide when I realized that the whole systems security ...
    (comp.os.linux.networking)
  • Re: [?] DYNDNS host vulnerability
    ... it's convenient to use a DYNDNS domain name like myhost.dyndns.org. ... I guess, though, that the host myhost.dyndns.org would be much ... Make sure your passwords are strong and your software is up to date, ... and again it may be better to only run the ssh daemon when you need ...
    (comp.os.linux.networking)
  • Re: Need advice about breakin attempt
    ... your users would ssh to this host then ssh to you from there. ... The theory being that an ISP is accustomed to dealing with port scans ...
    (alt.os.linux)
  • RE: sshd / ssh setup
    ... We have an Remote FreeBSD system which is located some where on the ... This method gives the maximum protection possible utilizing ssh. ... Host setup steps. ... Reboot your system to activate sshd and login as root. ...
    (freebsd-questions)
  • SSH filter transer, was Re: Soft Update - directory/file listing
    ... But SSH file transfer is painfully slow all the time. ... ## SSH 3.2 Server Configuration File ... # Note that forwardings using the name of this host will be allowed (if ...
    (freebsd-performance)