Re: Attacks on ssh port
From: Willem Jan Withagen (wjw_at_withagen.nl)
Date: Sun, 19 Sep 2004 00:44:33 +0200 To: email@example.com
Peter Radcliffe wrote:
>Willem Jan Withagen <firstname.lastname@example.org> probably said:
>>I also have portsentry in a rather sensitive mode doing exactly the same
>>Trigger one of the "backdoor" ports, and you're out of my game.
>The general problm with this type of reactive filtering is that if
>someone can spoof the source addresses effectively or cause a connection
>from a legitimate host you've just DoSed yourself...
>Personally I only allow ssh from known legitimate sources and block the
>rest so the "noise" is in a completely different list.
I do too, on systems that are completly mine. But I had to "force" this
customer to refrain from using
ftp/telnet/... with plain open passwords. And access to this box is
required from verious remote locations with yet unknown IPs. So I have
little chances there.
As far as I know, you need to go thru a lot of trouble to complete a
spoofed full 3-way handshake just to get my maintenace IP-number blocked.
Next to the fact that there is a rule before the blocked list which lets
me in anyways.... :)
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"