Date: Tue, 4 Sep 2001 09:10:28 +0200
From: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To: "Kevin Way" <kevin.way@overtone.org>
Cc: <freebsd-security@freebsd.org>
Subject: RE: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID: <98829DC07ECECD47893074C4D525EFC311569F@citsnl007.europe.intranet>

Right, I was wondering when someone might say that...

It seems to me that there are obvious drawbacks to this idea. Like someone else mentioned. It's a good idea but you can't count on the security.

So if the security *is* too weak, and that doesn't bother Lucky, then perhaps other *less secure* methods might also be appealing (and easier to implement.)

How about a CGI which adds the rule dynamically. You could put it on an ssl website behind a decent password. Still would not be rock solid but it wouldn't be any worse than the original idea.

-D

:-----Original Message-----
:From: Kevin Way [mailto:kevin.way@overtone.org]
:Sent: Tuesday, September 04, 2001 5:40 AM
:To: Not Going to Tell You
:Cc: freebsd-security@freebsd.org
:Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
:
:
:> But by hiding the sshd port, maybe, just maybe, we can reduce the
:> number of script kiddies from trying sshd scripts.
:
:just a note that nobody has directly mentioned. You're also exposing
:yourself to additional risks.
:
:-Administrators could potentially be located behind unusual firewalls
:which could hinder the magic port sequence delivery.
:
:-Administrators could potentially be working over a network connection
:with high loss rates, making the magic port sequence delivery
:infeasible
:
:-Administrators could potentially be working over network connections
:with unpredictable latency, making the sequence arrive in the incorrect
:order
:
:-there could be an unforeseen failure mode of the software which causes
:the port to fail to open, despite proper network transmission of the
:correct code.
:
:I really don't care if you want to implement this idea or not, but I'd
:urge you to consider these risks before you move forward.
:
:Kevin Way
:
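
Added example, not part of the original e-mail thread: a small simulation of a strict in-order knock listener, run against the network conditions Kevin Way lists (loss, reordering, delay). The ports, the timeout and the KnockListener class are assumptions made for illustration; the thread does not specify the mechanism.

```python
"""Added illustration: strict in-order knock-sequence listener (constructed)."""

SEQUENCE = (7000, 8000, 9000)   # constructed example ports, not from the thread


class KnockListener:
    """Tracks one client's progress through a strict in-order sequence."""

    def __init__(self, sequence=SEQUENCE, timeout=5.0):
        self.sequence = tuple(sequence)
        self.timeout = timeout      # max seconds allowed between knocks
        self.position = 0
        self.last_seen = None
        self.opened = False

    def knock(self, port, now):
        # Too long since the previous knock: forget partial progress.
        if self.last_seen is not None and now - self.last_seen > self.timeout:
            self.position = 0
        self.last_seen = now
        if port == self.sequence[self.position]:
            self.position += 1
        else:
            # Wrong port: restart, but let it count as a fresh first knock.
            self.position = 1 if port == self.sequence[0] else 0
        if self.position == len(self.sequence):
            self.opened = True
            self.position = 0
        return self.opened


def deliver(packets):
    """Feed (arrival_time, port) pairs to a fresh listener in arrival order."""
    listener = KnockListener()
    for now, port in sorted(packets):
        listener.knock(port, now)
    return listener.opened


# Constructed traffic for each network condition listed in the quoted message.
clean     = [(0.0, 7000), (0.1, 8000), (0.2, 9000)]
lossy     = [(0.0, 7000), (0.2, 9000)]                 # middle knock dropped
reordered = [(0.0, 7000), (0.15, 9000), (0.3, 8000)]   # latency swaps last two
delayed   = [(0.0, 7000), (0.1, 8000), (9.0, 9000)]    # gap exceeds timeout

if __name__ == "__main__":
    for name, pkts in [("clean", clean), ("lossy", lossy),
                       ("reordered", reordered), ("delayed", delayed)]:
        print(f"{name:10s} port opened: {deliver(pkts)}")
```

Only the clean delivery opens the port; in each degraded case the administrator is locked out until the whole sequence is resent and arrives intact.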