Date: Tue, 4 Sep 2001 03:39:55 +0000
From: Kevin Way
To: Not Going to Tell You
Cc: freebsd-security@freebsd.org
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID: <20010904033955.A52291@bean.overtone.org>
In-Reply-To: from luckywolf19@hotmail.com on Mon, Sep 03, 2001 at 02:14:28PM +0000

> But by hiding the sshd port, maybe, just maybe, we can reduce the
> number of script kiddies from trying sshd scripts.

Just a note that nobody has directly mentioned. You're also exposing yourself to additional risks.

- Administrators could potentially be located behind unusual firewalls which could hinder the magic port sequence delivery.
- Administrators could potentially be working over a network connection with high loss rates, making the magic port sequence delivery infeasible.
- Administrators could potentially be working over network connections with unpredictable latency, making the sequence arrive in the incorrect order.
- There could be an unforeseen failure mode of the software which causes the port to fail to open, despite proper network transmission of the correct code.

I really don't care if you want to implement this idea or not, but I'd urge you to consider these risks before you move forward.

Kevin Way
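The availability risks Kevin lists (a dropped knock, knocks arriving out of order, an egress firewall that swallows one of the destination ports) can be shown against a toy in-order knock matcher. This is an added example, not code from the thread or from the tool being proposed; the knock sequence, the delivery orders and the firewall policy are all constructed.

```python
"""Toy port-knock matcher to illustrate the delivery failure modes from the post.
Added example: not code from the thread or any real knock daemon."""

KNOCK_SEQUENCE = (7000, 8000, 9000, 10000)  # constructed sequence, not from the post


class KnockMatcher:
    """Strict in-order matcher: each knock must be the next expected port.
    Any other port resets progress, so a lost or reordered knock forces a full retry."""

    def __init__(self, sequence):
        self.sequence = tuple(sequence)
        self.progress = 0
        self.opened = False

    def on_packet(self, port):
        if port != self.sequence[self.progress]:
            self.progress = 0  # wrong knock: start over
        if port == self.sequence[self.progress]:
            self.progress += 1  # a correct knock (possibly a fresh first knock)
        if self.progress == len(self.sequence):
            self.opened = True  # full sequence seen in order: port would open
            self.progress = 0
        return self.opened


def deliver(sequence, arrival_order):
    """Replay what the network actually delivers. arrival_order holds indices into
    `sequence`: omitted indices model dropped knocks, permuted indices model reordering."""
    matcher = KnockMatcher(sequence)
    for idx in arrival_order:
        matcher.on_packet(sequence[idx])
    return matcher.opened


def through_egress_firewall(sequence, allowed_ports):
    """An administrator behind a firewall that only permits some destination ports:
    knocks to blocked ports never leave the network, so the sequence can never complete."""
    order = [i for i, port in enumerate(sequence) if port in allowed_ports]
    return deliver(sequence, order)


def success_probability(n_knocks, loss_rate):
    """Chance that all n knocks survive independent per-packet loss at `loss_rate`
    with no retry; the matcher needs every one of them."""
    return (1.0 - loss_rate) ** n_knocks


if __name__ == "__main__":
    print("in order:", deliver(KNOCK_SEQUENCE, [0, 1, 2, 3]))
    print("one knock lost:", deliver(KNOCK_SEQUENCE, [0, 1, 3]))
    print("reordered:", deliver(KNOCK_SEQUENCE, [0, 2, 1, 3]))
    print("egress firewall blocks 10000:", through_egress_firewall(KNOCK_SEQUENCE, {22, 7000, 8000, 9000}))
    print("P(success) at 10% loss, 4 knocks:", success_probability(4, 0.10))
```

With four knocks and 10% independent loss the sequence only completes about 66% of the time per attempt, which is the "infeasible under high loss" point in numbers.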