reverse ssh

[Amos Shapira]

On 22 July 2014 00:52, Guy Gold <guy1gold at gmail.com> wrote:

> Hi Erez,
>
> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <erez0001 at gmail.com> wrote:
>
>>
>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>
>
> Then,  what Eliyahu wrote should serve you a perfect solution.
>
> Also, there's not much advantage in the point of hiding behind the
> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>
 The increase to security by using  that method is in doubt - when taking
> under consideration  tools used by "bad guys (and girls)" nowadays .
> If you must do it, that's fine, but don't let it be a reason for not using
> much better methods, as Eliyahu suggested.
>

>From personal experience - there is a huge advantage in picking a random
port for external SSH (and external HTTP). I always had port scanners on my
standard, dynamic ISP ADSL addresses until I moved them to different
non-standard ports. Since then my logs are clean, and I'm talking about
over 5 years of experience (I don't remember exactly when I did the switch).

This is of course not the only measure I take for security. I still treat
them as vulnerable etc. But after years of not having a single probe on the
new ports I have to say that it removed the threat of pretty much 100% of
the probes on my home network.

Perhaps they are more thorough on static ip addresses, known targets etc.,
but in my experience this is a very successful step.


>
>
> --
> Guy Gold
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]
<http://www.linkedin.com/in/gliderflyer>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20140722/5687511d/attachment.html>