Re: pf port knocking

2004-12-19 Thread jared r r spiegel
On Sun, Dec 19, 2004 at 10:29:49PM +1100, A wrote: > My heartfelt thanks for all the assistance there. ffs, you speak like > some sort of lord who cannot be bothered assisting the peasants. I get > an inkling you emanate for from such lofty heights. Now, I admit I am > not on the main bsd list (eve

Re: pf port knocking

2004-12-19 Thread Glenn Gaetz
I'm wondering, wouldn't port knocking be fairly simple to attack, with a systematic knock on random ports? I'm just a newbie, but that seems like a real concern to me... On Sunday 19 December 2004 3:29 am, you wrote: > [EMAIL PROTECTED] My heartfelt thanks for all the assistance there. ffs, you

Re: pf port knocking

2004-12-19 Thread A
My heartfelt thanks for all the assistance there. ffs, you speak like some sort of lord who cannot be bothered assisting the peasants. I get an inkling you emanate for from such lofty heights. Now, I admit I am not on the main bsd list (even if I was, I don't have time to even skim the headers from

Re: pf port knocking

2004-12-18 Thread jared r r spiegel
On Fri, Dec 17, 2004 at 06:05:39PM -0500, Roy Morris wrote: > If you want to knock off most of the port pounding twits, stop allowing > ssh from 'any', filter instead by source. If you can't do that, because you > MUST have access from your remote laptop, then maybe try using a ssh > rule that s

RE: pf port knocking

2004-12-17 Thread Roy Morris
> not trying to speak for ed, but IMHO...it's dumb because any > yahoo with > a local account on a machine can create a listening socket on > a port >= > 1024. Anyone can create a socket above 1024 anyway, regardless .. this has nothing to do with ssh. If you are running a server, full of users

Re: pf port knocking

2004-12-17 Thread Jason Opperisano
On Fri, 2004-12-17 at 15:51, Peter GILMAN wrote: > Ed White <[EMAIL PROTECTED]> wrote: > > | On Friday 17 December 2004 15:45, Roy Morris wrote: > | > change your ssh port to like 30222 or something .. > | > | That's dumb. > > why? > > > Choose a port < 1024. > > why? not trying to speak for

Re: pf port knocking

2004-12-17 Thread Peter GILMAN
Ed White <[EMAIL PROTECTED]> wrote: | On Friday 17 December 2004 15:45, Roy Morris wrote: | > change your ssh port to like 30222 or something .. | | That's dumb. why? Choose a port < 1024. why?

Re: pf port knocking

2004-12-17 Thread Ed White
On Friday 17 December 2004 06:11, A wrote: > Further, "jasper" is the only machine that is externally accessible via > SSH (the only other open ports are domain, web and mail on other > servers). I need to leave SSH open as a number of people work remotely > and tunnel through it to some of the ser

Re: pf port knocking

2004-12-17 Thread Ed White
On Friday 17 December 2004 15:45, Roy Morris wrote: > change your ssh port to like 30222 or something .. That's dumb. Choose a port < 1024.

Re: pf port knocking

2004-12-17 Thread Attila Fülöp
I will also need to write a windows util to do the knocking for the contractors - can Perl run on a Windows machine or will I have to dust off my C compiler? :) http://www.activestate.com/ or http://www.cygwin.com/

RE: pf port knocking

2004-12-17 Thread Roy Morris
change your ssh port to like 30222 or something .. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > A > Sent: December 17, 2004 12:12 AM > To: [EMAIL PROTECTED] > Subject: pf port knocking > > > Hey all > &

Re: pf port knocking

2004-12-17 Thread jared r r spiegel
> For those unfamiliar with the technique, it is like > knocking a certain pattern/code on a door to open it. anyone unfamiliar with the technique hasn't read the archives whatsoever and thus is not going to garner favour from anyone here at all. > Has anyone heard of anyone working on a p

pf port knocking

2004-12-17 Thread A
Hey all I am getting tired of seeing the following popping up every day (with various IPs) on my log server. * ROOT FAILURES jasper ssh2(pw) @221.143.156.58(3) * User Failures admin ssh2(pw) jasper(2) andrew ssh2(pw) jasper(1) angel ssh2(pw) jasper(1) barbara ssh2(pw) jasper(1) ben ssh2(pw

Re: low-cost pf port-knocking idea

2004-05-01 Thread Alexey E. Suslikov
please, give me at least a theoretical model of such flooding. how your "packet wave" must look like to hit says 5-rules on random chosen source and destination ports? http://www.zeroflux.org/knock/ as lab for your researches. it listens over linklayer for knocking sequence. Daniel Staal wrote:

Re: low-cost pf port-knocking idea

2004-04-30 Thread Daniel Staal
Looks fairly good. Just one question (and I don't know how more standard port-knocking systems handle this): Is there a way to prevent someone from port-stomping? (Eg: Flooding your machine with waves of packets so that no matter what port you are looking for next they've hit it?) Daniel T. S

Re: low-cost pf port-knocking idea

2004-04-29 Thread Miroslav Kubik
AIL PROTECTED]> Sent: Tuesday, April 27, 2004 12:29 PM Subject: low-cost pf port-knocking idea Dear [EMAIL PROTECTED], $ext - stands for server listening interface, ($ext) - stands for server listening interface's address. server side: pass in quick on $ext inet proto udp \ from any p

low-cost pf port-knocking idea

2004-04-27 Thread Alexey E. Suslikov
Dear [EMAIL PROTECTED], $ext - stands for server listening interface, ($ext) - stands for server listening interface's address. server side: pass in quick on $ext inet proto udp \ from any port 333 to ($ext) port 333 keep state \ tag knock333 pass in quick on $ext inet proto udp \ from any po