Re: Attacks on ssh port

From: Peter Radcliffe (pir_at_pir.net)
Date: 09/19/04

  • Next message: Willem Jan Withagen: "Re: Attacks on ssh port"
    Date: Sat, 18 Sep 2004 18:28:19 -0400
    To: "freebsd-security@FreeBSD.ORG" <freebsd-security@freebsd.org>
    
    

    Willem Jan Withagen <wjw@withagen.nl> probably said:
    > I also have portsentry in a rather sensitive mode doing exactly the same
    > thing.
    > Trigger one of the "backdoor" ports, and you're out of my game.

    The general problm with this type of reactive filtering is that if
    someone can spoof the source addresses effectively or cause a connection
    from a legitimate host you've just DoSed yourself...

    Personally I only allow ssh from known legitimate sources and block the
    rest so the "noise" is in a completely different list.

    P.

    -- 
    pir
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Willem Jan Withagen: "Re: Attacks on ssh port"