reverse ssh

E.S. Rosenberg esr+linux-il at g.jct.ac.il
Tue Jul 22 01:21:40 IDT 2014


Any decent port scanner (nmap for instance) will find the SSH service
regardless of the port it's on, while the likelihood of a firewall blocking
access to random non-standard ports is very high.

I use fail2ban to prevent brute forcing and generally also try to have some
form of port knocking (knockd and fwknop are good options) to prevent
initial access to the SSH server to "unidentified" machines.


2014-07-22 1:11 GMT+03:00 Amos Shapira <amos.shapira at gmail.com>:

> On 22 July 2014 00:52, Guy Gold <guy1gold at gmail.com> wrote:
>
>> Hi Erez,
>>
>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <erez0001 at gmail.com> wrote:
>>
>>>
>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>
>>
>> Then, what Eliyahu wrote should serve you a perfect solution.
>>
>> Also, there's not much advantage in the point of hiding behind the
>> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>>
>> The increase to security by using that method is in doubt - when taking
>> under consideration tools used by "bad guys (and girls)" nowadays.
>> If you must do it, that's fine, but don't let it be a reason for not
>> using much better methods, as Eliyahu suggested.
>>
>
> From personal experience - there is a huge advantage in picking a random
> port for external SSH (and external HTTP). I always had port scanners on my
> standard, dynamic ISP ADSL addresses until I moved them to different
> non-standard ports. Since then my logs are clean, and I'm talking about
> over 5 years of experience (I don't remember exactly when I did the switch).
>
> This is of course not the only measure I take for security. I still treat
> them as vulnerable etc. But after years of not having a single probe on the
> new ports I have to say that it removed the threat of pretty much 100% of
> the probes on my home network.
>
> Perhaps they are more thorough on static ip addresses, known targets etc.,
> but in my experience this is a very successful step.
>
>
>>
>>
>> --
>> Guy Gold
>>
>> _______________________________________________
>> Linux-il mailing list
>> Linux-il at cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>
>
> --
>  [image: View my profile on LinkedIn]
> <http://www.linkedin.com/in/gliderflyer>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
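
The fail2ban approach described in the reply above (count sshd authentication failures per source address and ban the address once it exceeds a threshold inside a time window) can be illustrated with a minimal filter. The following is an added example written for this page; it is not fail2ban's own code. The log lines are constructed (RFC 5737 test addresses, a hypothetical host "gw"), the regexes approximate the sshd syslog messages that fail2ban's sshd filter keys on, and the parameter names maxretry/findtime mirror the jail options of the same name.

```python
"""Minimal fail2ban-style filter over sshd auth log lines.

Added example for this page, not fail2ban's code. The sample log below is
constructed; the regexes approximate sshd's syslog messages.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog prefix as written by rsyslog: "Jul 22 01:10:01 host sshd[pid]: msg".
# Single-digit days are padded with a second space, hence " +".
SYSLOG_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$"
)

# Messages sshd logs for a failed authentication attempt; the source
# address is captured as "host". Successful logins ("Accepted ...") are
# deliberately not matched.
FAILURE_PATTERNS = [
    re.compile(r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
               r"from (?P<host>\S+) port \d+"),
    re.compile(r"Invalid user \S+ from (?P<host>\S+)"),
]

# Constructed sample: one brute-forcer, one legitimate user with a typo,
# and one slow prober spaced 15 minutes apart.
SAMPLE_LOG = """\
Jul 22 01:10:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul 22 01:10:03 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jul 22 01:10:05 gw sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jul 22 01:10:08 gw sshd[1204]: Invalid user oracle from 203.0.113.5
Jul 22 01:10:09 gw sshd[1205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jul 22 01:12:00 gw sshd[1210]: Failed password for esr from 198.51.100.7 port 40001 ssh2
Jul 22 01:12:30 gw sshd[1211]: Accepted publickey for esr from 198.51.100.7 port 40002 ssh2: RSA SHA256:abc
Jul 22 01:30:00 gw sshd[1300]: Failed password for root from 192.0.2.9 port 2222 ssh2
Jul 22 01:45:00 gw sshd[1301]: Failed password for root from 192.0.2.9 port 2223 ssh2
"""


def parse_line(line, year=2014):
    """Return (timestamp, source host) for a failure line, else None.

    Syslog lines carry no year, so the caller supplies it (assumption:
    the whole log is from one year).
    """
    m = SYSLOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    for pat in FAILURE_PATTERNS:
        f = pat.search(m.group("msg"))
        if f:
            return ts, f.group("host")
    return None


def find_bans(lines, maxretry=5, findtime=600):
    """Sliding-window counter in the style of a fail2ban jail.

    A host is banned at the moment its maxretry-th failure falls within
    findtime seconds of an earlier still-counted failure. Returns
    {host: ban_timestamp}. Defaults are fail2ban's (5 tries in 10 min).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host = parsed
        if host in banned:
            continue               # already banned; nothing more to count
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()            # drop failures older than findtime
        if len(q) >= maxretry:
            banned[host] = ts
    return banned


if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"ban {host} at {when:%H:%M:%S}")
```

The slow prober (192.0.2.9) shows why findtime matters: two attempts 15 minutes apart never trip the default window even with maxretry lowered to 2, but a 30-minute window catches them. fail2ban behaves the same way, so a low maxretry alone does not stop an attacker who paces requests below the window.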