On 15-06-2015 17:00, Pablo Lezaeta Reyes wrote:
Is not the only as pointer in this thread,
also you have not considered the idea that bureaucracy for something as
simple as opening a port could take months, if not years, or even countless
failed attempts?
Well, each organization has its own process. But, it doesn't protect
any internal machine not to allow outgoing ssh.
In my school we get attempts to brute-force into our server... this
once was attempted through port 22; that's what I get in response to a
request to open port 22 in my school firewall.
Yes, this is a common problem. You can have some sort of blocking
daemon, like fail2ban, or you can change the ssh port altogether. But, I
don't see arch doing this, since tcp port 22 is the IANA assigned port
for SSH. I bet they have bruteforce mitigations in place, on top of only
allowing PubKey authentication.
Therefore they refuse to open 22 since that incident.
Or do you think it is saner that every user repeats a process for every
machine, instead of offered an alternative port for those countless
users that can't (as I mentioned early) open 22? Well, bureaucracy and dumb
admins are enough to not let you open port 22; this world is a place
full of people of all kinds, and full of dumb decisions.
If they can't distinguish, as other people already mentioned, from
incoming and outgoing, then they should really rethink their careers.
It's the same thing with ICMP or VLANs. I don't really worry about
being blocked at any place I might go because I use a VPN. I think
everybody should get one, not just for better privacy and unblocked
internet access, but for avoiding ISP QoS. But it's sad to know that
some people will let this kind of blocking (which is relatively easy to
circumvent) prevent them from contributing to arch.
Cheers,
Giancarlo Razzolini