Re: Attacks on ssh port

From: Willem Jan Withagen (wjw_at_withagen.nl)
Date: 09/19/04

  • Next message: Antony Mawer: "Re: Attacks on ssh port"

Date: Sun, 19 Sep 2004 00:44:33 +0200
To: freebsd-security@freebsd.org

Peter Radcliffe wrote:

>Willem Jan Withagen <wjw@withagen.nl> probably said:
>
>>I also have portsentry in a rather sensitive mode doing exactly the same
>>thing.
>>Trigger one of the "backdoor" ports, and you're out of my game.
>
>The general problem with this type of reactive filtering is that if
>someone can spoof the source addresses effectively or cause a connection
>from a legitimate host you've just DoSed yourself...
>
>Personally I only allow ssh from known legitimate sources and block the
>rest so the "noise" is in a completely different list.
>
I do too, on systems that are completely mine. But I had to "force" this
customer to refrain from using ftp/telnet/... with plain open passwords.
And access to this box is required from various remote locations with yet
unknown IPs. So I have little chance there.

As far as I know, you need to go through a lot of trouble to complete a
spoofed full 3-way handshake just to get my maintenance IP-number blocked.
Next to the fact that there is a rule before the blocked list which lets
me in anyways.... :)

--WjW
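As an added example (not part of the thread or of portsentry), a small Python model of the two points made above: an allow rule for the maintenance host that is evaluated before the reactive block list, and a blocker that waits for a completed handshake rather than reacting to a bare SYN. The addresses, ports and the ReactiveFirewall class are constructed for illustration.

```python
# Added example, not from the thread: a model of the setup discussed above.
# Rules are first-match (as in ipfw): the maintenance host is allowed before
# the reactive block list is consulted, and the blocker can wait for a full
# handshake instead of reacting to a bare SYN. Addresses are constructed.
MAINT_IP = "192.0.2.10"       # assumed maintenance address behind the early allow rule
TRIP_PORTS = {31337, 12345}   # assumed "backdoor" ports a portsentry-style watcher listens on

class ReactiveFirewall:
    def __init__(self, maint_ip, trip_ports, require_handshake=True):
        self.maint_ip, self.trip_ports = maint_ip, trip_ports
        self.require_handshake = require_handshake
        self.blocked = set()   # the reactive block list
        self._pending = set()  # (src, dport) pairs with a SYN seen, ACK not yet

    def policy(self, src, dport):
        """First-match evaluation; the order of the rules is the whole point."""
        if src == self.maint_ip:        # rule 1: maintenance host always gets in
            return "allow"
        if src in self.blocked:         # rule 2: reactive block list
            return "deny"
        return "allow" if dport == 22 else "deny"   # rule 3: only ssh is public

    def observe(self, src, dport, flags):
        """Feed one inbound TCP segment on a trip port to the reactive blocker."""
        if dport not in self.trip_ports:
            return
        if not self.require_handshake:
            self.blocked.add(src)       # reacts to a bare SYN: trivially spoofable
        elif flags == "SYN":
            self._pending.add((src, dport))
        elif flags == "ACK" and (src, dport) in self._pending:
            # Third segment of the handshake. A real implementation (or the kernel's
            # state table) checks it acknowledges the server's ISN, which a blind
            # spoofer never sees; only then is the source treated as hostile.
            self._pending.discard((src, dport))
            self.blocked.add(src)

def demo():
    """Constructed scenario: one SYN arrives on a trip port with the maintenance
    address as source, a cheap attempt to get that address onto the block list."""
    naive = ReactiveFirewall(MAINT_IP, TRIP_PORTS, require_handshake=False)
    naive.observe(MAINT_IP, 31337, "SYN")
    strict = ReactiveFirewall(MAINT_IP, TRIP_PORTS)
    strict.observe(MAINT_IP, 31337, "SYN")
    strict.observe("203.0.113.7", 31337, "SYN")   # a real scanner completes the
    strict.observe("203.0.113.7", 31337, "ACK")   # handshake, so it does get listed
    return {"naive_listed": MAINT_IP in naive.blocked,       # True: the list was poisoned
            "naive_policy": naive.policy(MAINT_IP, 22),      # "allow": rule 1 still wins
            "strict_listed": MAINT_IP in strict.blocked,     # False: bare SYN ignored
            "scanner_policy": strict.policy("203.0.113.7", 22)}  # "deny"
```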

