From owner-freebsd-security Wed Nov 14 23:21:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp.netnam.vn (smtp.netnam.vn [203.162.7.93]) by hub.freebsd.org (Postfix) with ESMTP id 0EA3037B419 for ; Wed, 14 Nov 2001 23:21:40 -0800 (PST) Received: from mailserver ([10.9.4.34]) by smtp.netnam.vn (8.10.2/8.10.2) with ESMTP id fAF7MPm22889; Thu, 15 Nov 2001 14:22:28 +0700 (GMT) Received: from 192.168.0.29 by mailserver ([192.168.0.2] running VPOP3) with ESMTP; Thu, 15 Nov 2001 14:20:20 +0700 Message-Id: <5.1.0.14.2.20011115141606.04298890@MailServer> X-Sender: stefan.probst@MailServer X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 15 Nov 2001 14:17:54 +0700 To: Andrew Johns From: Stefan Probst Subject: Re: AdoreWorm Cc: freebsd-security@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Server: VPOP3 V1.4.6 - Registered Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 09:59 15.11.2001 +1100, Andrew Johns wrote: ------------------------- >Why can't you run sshd on port 23? Surely they don't examine >connections to determine the actual protocol running? Previously, I didn't try too much to change ports - was not worth the time to get all that knowledge, since I had to do this not only on the machine, but also at the LAN firewall here.... And: A decent (national) firewall cannot be spoofed by just changing ports. A good one filters (also) on packet level. Not sure, whether the used one here did. In the end they had anyway to make the rules more and more relaxed, since it couldn't cope with the traffic. Stefan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message