reverse ssh
Amos Shapira
amos.shapira at gmail.com
Tue Jul 22 03:07:38 IDT 2014
Whatever.
I'm speaking from personal experience that I didn't find this necessary.
On 22 July 2014 08:21, E.S. Rosenberg <esr+linux-il at g.jct.ac.il> wrote:
> Any decent port scanner (nmap for instance) will find the SSH service
> regardless of the port it's on, while the likelihood of a firewall blocking
> access to random non-standard ports is very high.
>
> I use fail2ban to prevent brute forcing and generally also try to have
> some form of port knocking (knockd and fwknop are good options) to prevent
> initial access to the SSH server to "unidentified" machines.
>
>
> 2014-07-22 1:11 GMT+03:00 Amos Shapira <amos.shapira at gmail.com>:
>
>> On 22 July 2014 00:52, Guy Gold <guy1gold at gmail.com> wrote:
>>
>>> Hi Erez,
>>>
>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <erez0001 at gmail.com> wrote:
>>>
>>>>
>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>
>>>
>>> Then, what Eliyahu wrote should serve you a perfect solution.
>>>
>>> Also, there's not much advantage in the point of hiding behind the
>>> "security by obscurity" method (i.e. serve SSH at port 9000, or whichever).
>>>
>>> The increase to security by using that method is in doubt - when
>>> taking into consideration tools used by "bad guys (and girls)" nowadays.
>>> If you must do it, that's fine, but don't let it be a reason for not
>>> using much better methods, as Eliyahu suggested.
>>>
>>
>> From personal experience - there is a huge advantage in picking a random
>> port for external SSH (and external HTTP). I always had port scanners on my
>> standard, dynamic ISP ADSL addresses until I moved them to different
>> non-standard ports. Since then my logs are clean, and I'm talking about
>> over 5 years of experience (I don't remember exactly when I did the switch).
>>
>> This is of course not the only measure I take for security. I still treat
>> them as vulnerable etc. But after years of not having a single probe on the
>> new ports I have to say that it removed the threat of pretty much 100% of
>> the probes on my home network.
>>
>> Perhaps they are more thorough on static ip addresses, known targets
>> etc., but in my experience this is a very successful step.
>>
>>
>>>
>>>
>>> --
>>> Guy Gold
>>>
>>> _______________________________________________
>>> Linux-il mailing list
>>> Linux-il at cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>>
>>
>