Re: Somebody keeps trying to ssh into my systems, how can I stop that?



left_coast wrote:

responder wrote:

left_coast wrote:

responder wrote:

left_coast wrote:

responder wrote:

The point was valid, it does not take a supercomputer to do a man
in the middle.

Prove how it could be done. ssh configured with RSA key.

No. This is not a kindergarten class for wannabe crackers.

The point was valid. MITM will go through your carefully crafted
portknocking scheme without a hiccup. No problem.

Proof? Until I see proof, this is just another claim that is just BS.
[...]


Your RSA key requirement (not "rsh") was added later.

So? Your claim was "no super computer needed", that means to me that
no super computer would EVER be needed. Unless you can prove that no
computer is needed, EVER, then you have no point.

Whatever you claim it means to you is not necessarily what was written.

So take it one step at a time. "no super computer needed" referred to
breaking into your "supercalifragilisticexpialidocious" - portknocking
protected connection. Obviously, obviously, a computer is needed.

Obviously.

Can you go with that?

The portknocking is part of an integrated layered security package, it
does not stand alone as an only line of defense. If you had read what I
said, you would know that. It works together with ssh to maximize the
overall security. My "supercalifragilisticexpialidocious" portknocking
scheme INCLUDES ssh security. I have never said the portknocking is a
stand-alone system, that is your misconception.

There is no misconception here. Please do correct me if I am wrong, but
my "conception" was that you thought that nobody could get to your ssh
port, at all. That is wrong information.

The bottom line, if ONE person breaks through my portknocking SO WHAT?
Where did he get? One person would get to where MILLIONS could get if I
did not have port knocking, an open SSH port.

Yes, you are right that portknocking has excluded millions of bots.
Congratulations for that and I hope everyone is as successful in excluding
bots from their ssh connections. Perhaps, not everyone is as experienced
as you, and you might want to actually share some of your useful knowledge
here.

He does NOT get access to
the system.

Excuse me, but if an intruder did ride into your system on the back of
your ssh connection, s/he would get the exact same data as you in return.

Maybe there would be some people so stupid as to set up an IP spoofing
(since it would NOT be a true MITM)

And maybe some would set up a real MITM. You didn't say how or why that
wouldn't work, except that it was unlikely, or that maybe no one would care
about your connection(?).

From what you have written, I would not care what you have on your HDs.

set up to get past port
knocking only to be faced with a closed port, but I doubt many would be
in a LOCATION THEY COULD DO IT.

So, exactly, how many crackers do you think might be needed to get one
rootkit installed on your machines. 67? 43? 21? 1? -- or what?

Even if someone was so stupid, SO WHAT? They still do not have access to
my system.

Unless of course they really did have full access upon login. ...

It is unlikely that more than 100
people could be in the physical locations to do this type of attack,
with the state of the hardware in ISPs it is unlikely they would be able
to insert the hardware for any length of time, without getting caught...

So, it's kind of a lottery to you, is it?

Sort of like "If I am one of a quazillion, they can't find me to crack me."
That's like the "security by obscurity" algorithm. No?

It
is possible to do the attack, but it is also possible to guess an
encryption key on the first try.

Unless the courts stop NSA, as they apparently tried to do Thursday,
there's not much of a guessing game here. NSA (and possibly others) do
have the cycles to "guess" your encryption key in real time on the very
very first try. You should hope you don't draw too much attention from
them.

Claiming something is POSSIBLE does not mean it is PROBABLE or that it
is even going to happen.

Yes and sure, provided you are not Arab or Asian. Hopefully not
African-American of all things. We Americans wouldn't want any of
that kind of pluralism in our society. (Sarcasm/sarcasm/sarcasm)

Given the
consequences of what would happen if someone was able to spoof IP
addresses and attack my port, still having to break ssh security (only
ONE person rather than MILLIONS able to attack), I would say I'm still
better off than if I did not install port knocking.

Sure. Provided that the one person left wasn't the one who can get
through your walls. ...

Then, given the payoff, doing
all the work to set this all up and STILL not actually getting into the
system,

So you claim, but maybe they did get "into the system".

Given the extremely limited places where such an attack could be set up,
and the very few people that would be in such a location, I think it ever so
unlikely they would try such a thing. Despite the unlikeliness of
someone breaking the portknocking, I still have whatever ssh security
in place.

Right. Understood. There are actually so few people interested in what
might be on your HD that there is virtually no chance they will be able to
get anything. If they ever did succeed in that they would get nothing,
because you have nothing in your head, and consequently nothing on your
drives of any interest whatever. Sure enough.

Well I agree.

No one would want to be in your system or in your mind. That would be an
abomination all in itself.
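The two positions in this thread can be shown side by side with a small simulation. This is an added example, not code posted by either participant: it models a knockd-style daemon (fixed sequence of closed ports, hit in order from one source address within a short window, opens TCP/22 for that address only) and runs constructed traffic traces through it. The knock sequence, the 10-second window and the addresses are all assumptions chosen for the example. It shows what both posters agree on (a bot hitting port 22 directly never reaches sshd) and the responder's point (the knocks travel in the clear, so anyone on the path can copy them and replay them from their own address, after which they face sshd exactly as the owner does).

```python
"""Port knocking in front of sshd: a constructed simulation (added example).

Models a knockd-style daemon: a fixed sequence of closed ports that, when
hit in order from one source address within KNOCK_WINDOW seconds, opens
SSH_PORT for that address. Everything else is dropped. The sequence,
window and addresses below are assumptions for the example.
"""

from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence
KNOCK_WINDOW = 10.0                   # assumed seconds to complete it
SSH_PORT = 22


@dataclass
class Packet:
    ts: float      # arrival time in seconds
    src: str       # source address as text
    dport: int     # destination TCP port


@dataclass
class KnockDaemon:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = KNOCK_WINDOW
    # src -> (index of next expected knock, time of first knock)
    progress: dict = field(default_factory=dict)
    # sources that completed the sequence and may now reach SSH_PORT
    opened: set = field(default_factory=set)

    def _knock(self, pkt):
        idx, first_ts = self.progress.get(pkt.src, (0, pkt.ts))
        if pkt.ts - first_ts > self.window:
            idx, first_ts = 0, pkt.ts          # too slow: start over
        if pkt.dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):      # sequence complete
                self.opened.add(pkt.src)
                self.progress.pop(pkt.src, None)
                return
            self.progress[pkt.src] = (idx, first_ts)
        else:
            self.progress.pop(pkt.src, None)   # wrong port: reset

    def handle(self, pkt):
        """Return 'accept' or 'drop' for one packet, updating knock state."""
        if pkt.dport == SSH_PORT:
            return "accept" if pkt.src in self.opened else "drop"
        if pkt.dport in self.sequence:
            self._knock(pkt)
        return "drop"                          # knock ports never answer


def run(trace):
    """Run one trace through a fresh daemon; return the per-packet decisions."""
    daemon = KnockDaemon()
    return [daemon.handle(p) for p in trace]


# Constructed traces (not captured traffic).
BOT_SCAN = [Packet(0.0, "203.0.113.9", 22), Packet(0.5, "203.0.113.9", 22)]

LEGIT = [Packet(10.0, "198.51.100.5", 7000),
         Packet(10.2, "198.51.100.5", 8000),
         Packet(10.4, "198.51.100.5", 9000),
         Packet(11.0, "198.51.100.5", 22)]

# An observer on the path saw LEGIT's knocks in the clear and replays
# them from its own address: the daemon cannot tell the two apart.
# Past this point the observer still has to get through sshd itself.
REPLAY = [Packet(20.0, "192.0.2.77", 7000),
          Packet(20.1, "192.0.2.77", 8000),
          Packet(20.2, "192.0.2.77", 9000),
          Packet(21.0, "192.0.2.77", 22)]

# Right ports, but the second knock arrives after the window expired.
SLOW = [Packet(30.0, "198.51.100.6", 7000),
        Packet(45.0, "198.51.100.6", 8000),
        Packet(46.0, "198.51.100.6", 9000),
        Packet(47.0, "198.51.100.6", 22)]

# Right ports in the wrong order.
WRONG_ORDER = [Packet(50.0, "198.51.100.7", 7000),
               Packet(50.1, "198.51.100.7", 9000),
               Packet(50.2, "198.51.100.7", 8000),
               Packet(51.0, "198.51.100.7", 22)]


if __name__ == "__main__":
    for name, trace in [("bot scan", BOT_SCAN), ("legit", LEGIT),
                        ("replay", REPLAY), ("slow", SLOW),
                        ("wrong order", WRONG_ORDER)]:
        print(f"{name:12s} {run(trace)}")
```

The bot scan, the slow knock and the out-of-order knock all end in "drop" on port 22; the legitimate client and the replaying observer both end in "accept". That is the whole argument in miniature: the knock layer removes the mass of automated scanners, and it does nothing against someone who can see or spoof traffic on the path, who then meets sshd on the same terms as the owner.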