Re: Attacks on ssh port
From: Peter Radcliffe (pir_at_pir.net)
Date: 09/19/04
- Previous message: Willem Jan Withagen: "Re: Attacks on ssh port"
- In reply to: Willem Jan Withagen: "Re: Attacks on ssh port"
- Next in thread: Willem Jan Withagen: "Re: Attacks on ssh port"
- Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
- Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
- Reply: Willem Jan Withagen: "Re: Attacks on ssh port"
- Reply: Nick Cleaton: "Re: Attacks on ssh port"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 18 Sep 2004 18:28:19 -0400 To: "freebsd-security@FreeBSD.ORG" <freebsd-security@freebsd.org>
Willem Jan Withagen <wjw@withagen.nl> probably said:
> I also have portsentry in a rather sensitive mode doing exactly the same
> thing.
> Trigger one of the "backdoor" ports, and you're out of my game.
The general problm with this type of reactive filtering is that if
someone can spoof the source addresses effectively or cause a connection
from a legitimate host you've just DoSed yourself...
Personally I only allow ssh from known legitimate sources and block the
rest so the "noise" is in a completely different list.
P.
-- pir _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Willem Jan Withagen: "Re: Attacks on ssh port"
- In reply to: Willem Jan Withagen: "Re: Attacks on ssh port"
- Next in thread: Willem Jan Withagen: "Re: Attacks on ssh port"
- Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
- Maybe reply: Craig Edwards: "Re: Re: Attacks on ssh port"
- Reply: Willem Jan Withagen: "Re: Attacks on ssh port"
- Reply: Nick Cleaton: "Re: Attacks on ssh port"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
