From: "Not Going to Tell You"
To: behanna@zbzoom.net, security@freebsd.org
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
Date: Mon, 03 Sep 2001 14:14:28 +0000

I have 240 boxes running sshd and restricted to our IP address on the
Internet. We just want to hide the sshd port until we need it. Is this such
a hard concept to understand? So what if someone can sniff the key. It is
just an extra layer of security. Since we are also running sshd and IP
filters, this is not a false sense of security.

If someone wants to sniff out all 100 packets, spoof our IP address, and
re-send the key... Good for them, they still have to get past the sshd. But
by hiding the sshd port, maybe, just maybe, we can reduce the number of
script kiddies from trying sshd scripts.

There is no such thing as real security. Only the perception of it.

Lucky

>From: Chris BeHanna
>Reply-To: Chris BeHanna
>To:
>Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
>Date: Sat, 1 Sep 2001 00:08:09 -0400 (EDT)
>
>On Fri, 31 Aug 2001, Not Going to Tell You wrote:
>
> > First, I stated that the only port that would be open would be the
> > port 80 http. And it is assumed that I would have already had a tight
> > box with strict rules. But even tight boxes still show which ports are
> > opened.
> >
> > As for guessing the key sequence... I doubt it, if the program was able
> > to tell if port scanning was taking place. And do not forget the timer.
> >
> > As for sniffing, well 99.9% of all the hackers that I have seen come
> > from the Internet where would they put the sniffer?
>
>    If your machine is attached to a cable modem, then there are 253
>other hosts in your neighborhood who can very easily sniff your traffic.
>
>    If you're trying to open ports remotely, then your key traffic is
>going over the internet. Do a traceroute between the host you're
>using and the host you're trying to manage, and ponder someone
>sniffing along any of those hops.
>
>    Although this is unlikely for the casual user, it becomes more
>likely if the remote host is a corporate-owned machine in a highly
>competitive area of industry.
>
>--
>Chris BeHanna
>Software Engineer (Remove "bogus" before responding.)
>behanna@bogus.zbzoom.net
>I was raised by a pack of wild corn dogs.
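
The scheme debated in this thread (a secret packet sequence, a timer, scan detection and an IP filter in front of sshd) can be modelled to see which attempts each control stops. This is an added example, not code from either poster or from the proposed tool; the `KnockGate` class, the four-port sequence, the 5-second timer and the addresses are all assumptions constructed for illustration.

```python
# Model of the knock gate discussed in the thread (all names and values are
# constructed for illustration; this is not the proposed tool's code).
SECRET = [7001, 7345, 7002, 7999]   # assumed secret port sequence ("the key")
ADMIN = "192.0.2.10"                # assumed permitted source (IP filter)
WINDOW = 5.0                        # assumed timer: seconds to finish the knock

class KnockGate:
    def __init__(self, sequence, window, allowed):
        self.sequence, self.window, self.allowed = list(sequence), window, set(allowed)
        self.progress = {}          # src -> (next index, time of first knock)

    def packet(self, src, dport, now):
        """Process one probe; return True when this packet completes the knock."""
        if src not in self.allowed:             # IP filter: ignore other sources
            return False
        idx, start = self.progress.get(src, (0, now))
        if now - start > self.window:           # timer expired: start over
            idx, start = 0, now
        if dport != self.sequence[idx]:         # wrong port: treat as a scan, reset
            self.progress.pop(src, None)
            return False
        if idx + 1 == len(self.sequence):       # last port matched: expose sshd
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx + 1, start)
        return False

def send(src, ports, gap=0.1):
    """Feed ports to a fresh gate, gap seconds apart; True if it opened."""
    gate = KnockGate(SECRET, WINDOW, {ADMIN})
    return any([gate.packet(src, p, i * gap) for i, p in enumerate(ports)])

def scenarios():
    sniffed = list(SECRET)          # what an on-path observer would capture
    return {
        "outsider_knows_key": send("198.51.100.7", SECRET),   # stopped by IP filter
        "port_scan": send(ADMIN, range(7000, 8000)),          # reset on every miss
        "too_slow": send(ADMIN, SECRET, gap=2.0),             # timer expires
        "admin_knock": send(ADMIN, SECRET),
        "sniffed_replay_spoofed_src": send(ADMIN, sniffed),   # same packets as admin
    }

if __name__ == "__main__":
    for name, opened in scenarios().items():
        print(f"{name:28s} gate opened: {opened}")
```

The last two scenarios are identical by construction: a static sequence gives the gate nothing to distinguish the administrator from a replay with a spoofed source, so the gate filters scan noise while sshd authentication remains the control that decides access.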