Date: Tue, 29 Dec 2009 10:19:20 -0600
From: Chris BeHanna <chris@behanna.org>
To: freebsd-stable@freebsd.org
Subject: Re: Hacked - FreeBSD 7.1-Release
Message-ID: <1790A4AA-9EB4-47DF-ADC9-7DA90AD2654F@behanna.org>
In-Reply-To: <4B3A2A02.1090509@brianwhalen.net>
References: <bd52e0bd614fbaffcf8c9ff9da35286e@mail.isot.com> <4B20B509.4050501@yahoo.it> <600C0C33850FFE49B76BDD81AED4D25801371D8056@IMCMBX3.MITRE.ORG> <ce92ed41260c438977298c2cf9dd1e3f.HRCIM@webmail.1command.com> <600C0C33850FFE49B76BDD81AED4D25801371D8737@IMCMBX3.MITRE.ORG> <20091229114536.GA2409@mavetju.org> <4B3A2A02.1090509@brianwhalen.net>

On Dec 29, 2009, at 10:10, Brian W. wrote:

> On 12/29/2009 3:45 AM, Edwin Groothuis wrote:
>> mpt to pass a Turing test or something.
>> On all systems which need to be accessible from the public Internet:
>> Run sshd on port 22 and port 8022. Block incoming traffic on port
>> 22 on your firewall.
>>
>> Everybody coming from the outside world needs to know it is running
>> on port 8022. Everybody coming from the inside world has access as
>> normal.
>>
>> Edwin
>>
> I seem to recall on one of the OpenBSD lists someone speaking of risks
> of running sshd or other services on high numbered ports, presumably
> because a non-root user cannot bind ports up to 1024.

On a multi-user machine, where you want to keep students or
others from spoofing on machines on which they have logins but which you
manage (i.e., they don't have root or sudo), this makes sense--ON THE
SERVER SIDE. The connecting client's port is going to be above 1024
anyway, and the client doesn't really care on which port the server is
running.

In this day and age, when anyone, black hat or white, can stand
up their own *ix box and run whatever they want on whatever port, the
notion of only connecting to "privileged ports" as a way of protecting
yourself (e.g., from password sniffing or whatever) is rather quaint and
ineffective.

-- 
Chris BeHanna
chris@behanna.org
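
Added example, not part of the original message or thread: a small audit for the server-side concern discussed above. It lists the ports an sshd_config makes sshd listen on and flags those above 1023, which a local non-root user could bind whenever sshd is not holding them. The function names and the sample configuration are constructed for illustration, and the parser goes slightly beyond the thread's layout by also honouring ListenAddress entries.

```python
import re

PRIVILEGED_MAX = 1023   # ports 1-1023 traditionally require root to bind
DEFAULT_PORT = 22       # sshd's port when no Port directive is present

# Constructed sample: the dual-port layout proposed in the thread.
SAMPLE_SSHD_CONFIG = """\
# constructed example, not taken from the thread
Port 22
Port 8022
PermitRootLogin no
"""

# "host:port" or "[addr]:port"; a bare IPv6 address does not match.
LISTEN_WITH_PORT = re.compile(r"^(?:\[[^\]]*\]|[^:\[\]]+):(\d+)$")


def sshd_listen_ports(config_text):
    """Return the sorted TCP ports sshd would listen on for this config."""
    ports, explicit = [], set()
    listen_total = listen_bare = 0
    for raw in config_text.splitlines():
        # Drop comments; sshd_config allows "Keyword value" or "Keyword=value".
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip())
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "match":
            break  # Port and ListenAddress are global-only directives
        if key == "port" and value.isdigit():
            ports.append(int(value))
        elif key == "listenaddress":
            listen_total += 1
            m = LISTEN_WITH_PORT.match(value)
            if m:
                explicit.add(int(m.group(1)))
            else:
                listen_bare += 1  # no port given: inherits every Port value
    # Port values apply only to the implicit wildcard or port-less addresses.
    inherits = listen_total == 0 or listen_bare > 0
    base = set(ports or [DEFAULT_PORT]) if inherits else set()
    return sorted(base | explicit)


def unprivileged_listeners(config_text):
    """Ports a local non-root user could bind if sshd is not running."""
    return [p for p in sshd_listen_ports(config_text) if p > PRIVILEGED_MAX]
```

On a multi-user host, any port this reports is one where clients depend on the server's host key, not the port number, to tell the real sshd from an impostor.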