On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent
DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
server OS
4. block empty authentication requests
5. block sending host key fingerprint for invalid or no username
6. drop SSH reply (send no response) for invalid or no username
None of these are crypto issues. The OpenSSH dev list (http://
www.openssh.com/list.html) would almost certainly lend itself to a
more productive discussion of these concerns. Cheers,
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
