reverse ssh
Erez D
erez0001 at gmail.com
Tue Jul 22 11:20:44 IDT 2014
Although port scanners can scan every port, it takes 65536 times longer
than scanning only port 22,
and there are enough available port 22s,
so using a non-standard port is a smart move
as long as it is not the only one.
On Tue, Jul 22, 2014 at 3:07 AM, Amos Shapira <amos.shapira at gmail.com>
wrote:
> Whatever.
>
> I'm speaking from personal experience that I didn't find this necessary.
>
>
>
> On 22 July 2014 08:21, E.S. Rosenberg <esr+linux-il at g.jct.ac.il> wrote:
>
>> Any decent port scanner (nmap for instance) will find the SSH service
>> regardless of the port it's on, while the likelihood of a firewall blocking
>> access to random non-standard ports is very high.
>>
>> I use fail2ban to prevent brute forcing and generally also try to have
>> some form of port knocking (knockd and fwknop are good options) to prevent
>> initial access to the SSH server to "unidentified" machines.
>>
>>
>> 2014-07-22 1:11 GMT+03:00 Amos Shapira <amos.shapira at gmail.com>:
>>
>>> On 22 July 2014 00:52, Guy Gold <guy1gold at gmail.com> wrote:
>>>
>>>> Hi Erez,
>>>>
>>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D <erez0001 at gmail.com> wrote:
>>>>
>>>>>
>>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>>
>>>>
>>>> Then, what Eliyahu wrote should serve you a perfect solution.
>>>>
>>>> Also, there's not much advantage in the point of hiding behind the
>>>> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>>>>
>>>> The increase to security by using that method is in doubt - when
>>>> taking into consideration tools used by "bad guys (and girls)" nowadays.
>>>> If you must do it, that's fine, but don't let it be a reason for not
>>>> using much better methods, as Eliyahu suggested.
>>>>
>>>
>>> From personal experience - there is a huge advantage in picking a random
>>> port for external SSH (and external HTTP). I always had port scanners on my
>>> standard, dynamic ISP ADSL addresses until I moved them to different
>>> non-standard ports. Since then my logs are clean, and I'm talking about
>>> over 5 years of experience (I don't remember exactly when I did the switch).
>>>
>>> This is of course not the only measure I take for security. I still
>>> treat them as vulnerable etc. But after years of not having a single probe
>>> on the new ports I have to say that it removed the threat of pretty much
>>> 100% of the probes on my home network.
>>>
>>> Perhaps they are more thorough on static ip addresses, known targets
>>> etc., but in my experience this is a very successful step.
>>>
>>>
>>>>
>>>>
>>>> --
>>>> Guy Gold
>>>>
>>>> _______________________________________________
>>>> Linux-il mailing list
>>>> Linux-il at cs.huji.ac.il
>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>
>
>
>
>
>
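The thread mentions fail2ban as the way to stop brute forcing once the SSH port is reachable. The script below is an added example, not code from the thread or from the fail2ban project: it re-implements the core of what the fail2ban sshd jail does, counting "Failed password" lines per source address in a sliding window of `findtime` seconds and flagging a source once it reaches `maxretry` failures. The log excerpt, the hostname `gw`, the user names and the addresses (RFC 5737 documentation ranges) are all constructed for the example; the `maxretry`/`findtime` names mirror the fail2ban options but the code assumes nothing about a real installation.

```python
"""Sliding-window SSH brute-force detector over syslog-style sshd lines.

Added example (not from the mailing-list thread or from fail2ban): the
counting logic behind fail2ban's sshd jail -- `maxretry` failures from one
source within `findtime` seconds means that source gets banned.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log excerpt (RFC 5737 documentation addresses, not real hosts).
# 203.0.113.5 fails six times in 18 seconds; 192.0.2.9 fails five times spread over
# 12 minutes; the "Accepted publickey" line is there to show it is ignored.
SAMPLE_AUTH_LOG = """\
Jul 22 11:00:00 gw sshd[2100]: Failed password for erez from 192.0.2.9 port 50001 ssh2
Jul 22 11:00:01 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40210 ssh2
Jul 22 11:00:04 gw sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2
Jul 22 11:00:08 gw sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 40212 ssh2
Jul 22 11:00:11 gw sshd[2107]: Failed password for root from 203.0.113.5 port 40213 ssh2
Jul 22 11:00:15 gw sshd[2109]: Failed password for root from 203.0.113.5 port 40214 ssh2
Jul 22 11:00:19 gw sshd[2111]: Failed password for root from 203.0.113.5 port 40215 ssh2
Jul 22 11:03:00 gw sshd[2120]: Failed password for erez from 192.0.2.9 port 50002 ssh2
Jul 22 11:05:30 gw sshd[2150]: Accepted publickey for erez from 198.51.100.7 port 53322 ssh2
Jul 22 11:06:00 gw sshd[2160]: Failed password for erez from 192.0.2.9 port 50003 ssh2
Jul 22 11:09:00 gw sshd[2170]: Failed password for erez from 192.0.2.9 port 50004 ssh2
Jul 22 11:12:00 gw sshd[2180]: Failed password for erez from 192.0.2.9 port 50005 ssh2
"""

# One sshd "Failed password" line: syslog timestamp, host, pid, optional
# "invalid user" marker, user name, source IPv4 address, source port.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_failures(log_text, year):
    """Yield (timestamp, source_ip, user) for every failed-password line.

    syslog timestamps carry no year, so the caller supplies one.
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins, other daemons, noise
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip"), m.group("user")


def find_offenders(log_text, year=2014, maxretry=5, findtime=600):
    """Return {ip: time_of_ban} for sources that reached `maxretry` failures
    inside some `findtime`-second window (the fail2ban semantics)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned = {}
    for ts, ip, _user in parse_failures(log_text, year):
        if ip in banned:
            continue  # once banned, the firewall would drop further attempts
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_AUTH_LOG).items():
        print(f"{when:%b %d %H:%M:%S}  ban {ip}")
```

With the defaults (5 failures in 600 seconds) only 203.0.113.5 is flagged; 192.0.2.9 never has five failures inside one ten-minute window, which is exactly the kind of slow probe a fail2ban jail with a short `findtime` lets through. Widening `findtime` to 1200 catches it too. One practical caveat when combining this with the non-standard-port advice in the thread: fail2ban's sshd jail bans on the ports listed in its `port` setting (default `ssh`, i.e. 22), so after moving sshd to another port the jail's `port` has to be changed to match, or the ban rule will not cover the port actually in use.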