Love Port Knocking :)

On 11/16/2014 7:57 PM, Butch Evans via Af wrote:
> On 11/16/2014 03:27 PM, Ken Hohhof via Af wrote:
>> "Properly protected" however sounds a bit like blaming the victim.  I
>> would say it's a lot easier to protect a castle that just has one gate.
>> If I use it once a year, why leave it running all the time beckoning to
>> bad guys or waiting for me to slip up on firewall rules?
>
> I understand your reticence to leave it turned on. I was simply responding to the idea that turning it off (without qualification) was the only, "best" solution. Best practice is to protect necessary services. If it isn't necessary for you, then turning it off IS part of "proper protection".
>
>> In addition to SSH, the other attractive nuisance seems to be RDP.
>> There's a simple little tool called DUBrute the kiddies will run against
>> tcp/3389, they don't have to be successful, just the traffic will mess
>> you up.
>
> Agreed. Again, though, protecting the port is key. It should not be open to the world. There are better practices than a simple NAT that opens this up to the world.
>
>> I'm waiting for webcams to be the next big target, so many of them use
>> UPnP and DynDNS to expose a webserver on a public IP, and end users buy
>> them at Amazon and Costco, even supposed computer and networking
>> professionals install them with no thoughts about network security.
>
> Rinse and repeat above comments.



