Ivan Krstić wrote:
> On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
>> 1. firewall port-knocking to block scanning and attacks
>> 2. firewall logging and IP disabling for repeated attacks (prevent DoS,
>> block dictionary attacks)
>> 3. pre- and post-filtering to prevent SSH from advertising itself and
>> server OS
>> 4. block empty authentication requests
>> 5. block sending host key fingerprint for invalid or no username
>> 6. drop SSH reply (send no response) for invalid or no username
> 
> None of these are crypto issues. 

Perhaps not the way they are solved today (see above), and that IS
the problem. For example, the lack of good crypto solutions to protocol
bootstrap contributes significantly to security holes 1-7.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
