Date: Tue, 4 Sep 2001 09:10:28 +0200
From: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To: "Kevin Way" <kevin.way@overtone.org>
Cc: <freebsd-security@freebsd.org>
Subject: RE: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID: <98829DC07ECECD47893074C4D525EFC311569F@citsnl007.europe.intranet>

Right, I was wondering when someone might say that...

It seems to me that there are obvious drawbacks to this idea. Like someone else mentioned. It's a good idea but you can't count on the security.

So if the security *is* too weak, and that doesn't bother Lucky, then perhaps other *less secure* methods might also be appealing (and easier to implement.)

How about a CGI which adds the rule dynamically. You could put it on an ssl website behind a decent password. Still would not be rock solid but it wouldn't be any worse than the original idea.

-D

:-----Original Message-----
:From: Kevin Way [mailto:kevin.way@overtone.org]
:Sent: Tuesday, September 04, 2001 5:40 AM
:To: Not Going to Tell You
:Cc: freebsd-security@freebsd.org
:Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
:
:
:> But by hiding the sshd port, maybe, just maybe, we can reduce the
:> number of script kiddies from trying sshd scripts.
:
:just a note that nobody has directly mentioned. You're also exposing
:yourself to additional risks.
:
:-Administrators could potentially be located behind unusual firewalls
:which could hinder the magic port sequence delivery.
:
:-Administrators could potentially be working over a network connection
:with high loss rates, making the magic port sequence delivery
:infeasible
:
:-Administrators could potentially be working over network connections
:with unpredictable latency, making the sequence arrive in the incorrect
:order
:
:-there could be an unforeseen failure mode of the software which causes
:the port to fail to open, despite proper network transmission of the
:correct code.
:
:I really don't care if you want to implement this idea or not, but I'd
:urge you to consider these risks before you move forward.
:
:Kevin Way
:
