reverse ssh
Amos Shapira
amos.shapira at gmail.com
Tue Jul 22 01:11:06 IDT 2014
On 22 July 2014 00:52, Guy Gold <guy1gold at gmail.com> wrote:
> Hi Erez,
>
> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <erez0001 at gmail.com> wrote:
>
>>
>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>
>
> Then, what Eliyahu wrote should serve you a perfect solution.
>
> Also, there's not much advantage in the point of hiding behind the
> "security by obscurity" method (i.e. serve SSH at port 9000, or whichever).
>
> The increase to security by using that method is in doubt - when taking
> under consideration tools used by "bad guys (and girls)" nowadays.
> If you must do it, that's fine, but don't let it be a reason for not using
> much better methods, as Eliyahu suggested.
>
From personal experience - there is a huge advantage in picking a random
port for external SSH (and external HTTP). I always had port scanners on my
standard, dynamic ISP ADSL addresses until I moved them to different
non-standard ports. Since then my logs are clean, and I'm talking about
over 5 years of experience (I don't remember exactly when I did the switch).
This is of course not the only measure I take for security. I still treat
them as vulnerable etc. But after years of not having a single probe on the
new ports I have to say that it removed the threat of pretty much 100% of
the probes on my home network.
Perhaps they are more thorough on static ip addresses, known targets etc.,
but in my experience this is a very successful step.
>
>
> --
> Guy Gold
>