From: Mike Oliver
To: freebsd-security@freebsd.org
Date: Tue, 6 Oct 2009 14:19:32 -0400
Subject: Re: openssh concerns
Message-ID: <8c64b8d20910061119ya32f330s876809d96e33fb49@mail.gmail.com>
In-Reply-To: <20091005181634.GA37622@root.ucsc.edu>

On Mon, Oct 5, 2009 at 14:16, Mark Boolootian wrote:
>
> There's always fwknop: http://www.cipherdyne.org/fwknop/

Back when I ran ipfw I had a Bourne script that would change the outside
port (translated to 22 on the inside by natd) to something between 10000
and 65500 every so often, maybe hourly. The script would rewrite the
natd.conf, bounce natd, do some other stuff I can't remember, and finish
by sending me the new outside port number via SMS. I did that for a few
years and never had a single problem with it. That was a fun project.

-- 
Mike Oliver, KT2T
+1-863-738-2334
kt2t@arrl.net -or- mwoliver@gmail.com
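
The natd.conf rewrite step described in the message above, as an added Bourne shell example; it is not the poster's script. The function names and the rule form `redirect_port tcp <inside_ip>:22 <outside_port>` are assumptions, and restarting natd and sending the SMS are left out.

```shell
#!/bin/sh
# Added example: rotate the outside port of a natd SSH redirect rule.
# Assumed rule form: redirect_port tcp <inside_ip>:22 <outside_port>

# Print a random port in 10000..65500, the range given in the message.
pick_port() {
    # Four random bytes read as one unsigned integer, then reduced to the
    # width of the range (55501 values). Slight modulo bias is acceptable here.
    n=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $(( 10000 + n % 55501 ))
}

# rotate_port CONF [PORT]
# Rewrites the outside port of the SSH redirect in CONF and prints the new
# port. Returns 1 if PORT is out of range or CONF has no matching rule, so a
# caller never restarts natd on a file that was not actually changed.
rotate_port() {
    conf=$1
    port=${2:-$(pick_port)}

    # Accept digits only, and only inside the documented range.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 10000 ] && [ "$port" -le 65500 ] || return 1

    # Refuse to touch a config that has no SSH redirect to rewrite.
    grep -Eq '^redirect_port[[:space:]]+tcp[[:space:]]+[^[:space:]]+:22[[:space:]]' \
        "$conf" || return 1

    # Write to a temp file beside CONF and rename it into place, so natd never
    # reads a half-written file. Note: the result carries mktemp's 0600 mode.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v p="$port" '
        # Field 4 is the outside (alias) port; all other lines pass through.
        $1 == "redirect_port" && $2 == "tcp" && $3 ~ /:22$/ { $4 = p }
        { print }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }

    echo "$port"
}
```

A caller would run `rotate_port /etc/natd.conf`, restart natd only when it returns 0, and then deliver the printed port out of band.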